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9,501,234; and patent pending applications. 


1 What's new in Acronis Cyber Backup 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


1.1 What's new in Update 6 


1.1.1 VMware vSphere 7.0 support 


e Agentless backup and recovery of virtual machines running on VMware vSphere 7.0 is fully 
supported. 
e VMware vSAN 7.0 is fully supported. 


e Limitations in Acronis Cyber Backup 12.5 Update 6 release: 
o ESXi configuration backup is not supported. 
o (Same as for vSphere 6.7) Virtualization Based Security (VBS) option is always disabled on 
restored virtual machine. 
o (Same as for vSphere 6.7) Trusted Platform Module (TPM) is absent on restored virtual machine. 
o (Same as for vSphere 6.7) VMware vSphere configurations with PMEM datastores are not 
supported. 


1.2 What's new in Update 5 


1.2.1 Acronis Cyber Backup 


Acronis Backup has been renamed to Acronis Cyber Backup. 


1.2.2 Installation 


e [Windows only] An installation package that includes both 32-bit and 64-bit installation files (more 
than 3 GB in size) is now available. 


e Itis now possible to generate .mst file on the machine where an agent is already installed. 


1.2.3 Support for new operating systems 


e Support for macOS 10.15 Catalina 

e Support for Ubuntu 19.04, 19.10, and 20.04 
e Support for CentOS 8.1 

e Support for Oracle Linux 8.1 

e Support for CloudLinux 7.7 

e Support for ClearOS 7.6 
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1.3 What's new in Update 4 


1.3.1 Backup 


e The enhanced backup option Performance and backup window (former Performance) 
enables you to set one of three levels of backup performance (high, low, prohibited) for every hour 
within a week. The high and low levels are configurable in terms of the process priority and output 
speed. 

e The Physical Data Shipping backup option for cloud backups 


1.3.2 Recovery 


The capability to save system information on a local disk or a network share if a recovery with reboot 
fails. 


1.3.3 Scalability 


The maximum number of physical machines that can be registered on a management server 
increased from 4000 to 8000. 


1.3.4 Security 


e The capability to disable anonymous registration so that a user name and password of a 
management server administrator are always required when registering a device. 

e All communication during a device registration is done via HTTPS. It works out of the box and 
cannot be disabled. It is possible to enforce certificate verification during unattended installation in 
Windows and in Linux. 

e Mass registration of devices by using a token instead of a user name and password 


e The capability to install Agent for Linux in UEFI systems with enabled Secure Boot. 


1.3.5 Applications 


e Support for Microsoft Exchange Server 2019 


e CBT (tracking file changes at a block level) can be disabled for backups of SQL and Exchange 
databases. 


1.3.6 Active Protection 
New protection options: 


e Itis possible to allow certain processes to modify backup files while self-protection is on 
e Protection of network folders mapped as local drives 


e Detection of cryptomining malware 
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3.7 Virtualization 


Conversion to the following virtual machine types: 

o VMware Workstation 

o VHDX virtual disks (for connection to a Hyper-V virtual machine) 

This conversion is supported in a backup plan or in a separate conversion plan created on the 
Plans tab. 

Support for Windows Server 2019 with Hyper-V and Microsoft Hyper-V Server 2019 

Support for Citrix XenServer 7.6 


The boot menu (in the text form) can be used when booting a Citrix XenServer virtual machine. 


1.3.8 Backup locations 


The Acronis Storage product name changed to Acronis Cyber Infrastructure . 


1.3.9 Administering 


It is possible to add a comment to a device on the device Details pane. Devices can be searched 
and organized in dynamic groups by comments. 

Ina domain environment, local accounts on the management server are not added by default to 
the Acronis Centralized Admins group and to the organization administrators list. 

The name of the Acronis Management Server service (ams) is changed to acrmngsrv, to avoid name 
conflicts with other software services. 


.3.10 Support for new operating systems 


Support for RHEL 7.6, 8.0 (configurations with Stratis are not supported) 
Support for Ubuntu 18.10 

Support for Fedora 25, 26, 27, 28, 29 

Support for Debian 9.5, 9.6 

Support for Windows XP SP1 (x64) and SP2 (x64) is resumed 


Support for Windows XP SP2 (x86) is resumed with a special version of Agent for Windows 


1.3.11 Support for new languages 


Support for seven more languages: 


Bulgarian 
Norwegian 
Swedish 
Finnish 


Serbian 


e Malay 
e Indonesian 


1.4 What's new in Update 3.2 


1.4.1 Backup 


The capability to stop an execution of a backup plan from the Plans tab. 


1.4.2 Support for new operating systems 


e Support for Windows Server 2019 
e Support for CentOS 7.5 
e Support for ClearOS 7.4 
e Support for macOS Mojave 10.14 


1.4.3 Virtualization 


e Support for Citrix XenServer 7.3, 7.4, 7.5 
e Support for Nutanix AHV 


1.5 What's new in Update 3.1 


e The maximum number of physical machines that can be registered on a management server 
increased from 2000 to 4000. 

e The number of virtual machines that Agent for VMware or Agent for Hyper-V backs up 
simultaneously can be limited via the registry or the agent configuration file. Unlike the similar 
setting in backup plan options, this parameter limits the total number of virtual machines for all 
backup plans that the agent runs simultaneously. 


1.6 What's new in Update 3 


1.6.1 New features available in all on-premise deployments 


Backup 


e The Multi-volume snapshot backup option is available when backing up Linux. 

e The data output speed can be specified as a percentage, in addition to kilobytes per second. 

e The 'File-level security" backup option is discontinued. The NTFS permissions for files are always 
saved in file-level backups. 


e Automatic troubleshooting of VSS-related issues: 
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o When backing up disks or volumes with Agent for Windows 
After taking a VSS-based snapshot fails, before retrying, Acronis Cyber Backup analyzes the log 
and performs troubleshooting steps, if appropriate. If three consecutive retries fail, the error 
message recommends to download and use Acronis VSS Doctor. 

o When backing up Microsoft SQL Server databases 
Prior to taking a snapshot, Acronis Cyber Backup checks the SQL Server configuration for issues 
that may cause a VSS snapshot failure. If issues are found, a warning with recommendations is 
added to the log. 


Recovery 


The new recovery option Boot mode determines the boot mode (BIOS or UEFI) for the Windows 
system being recovered. 


Security 
New system settings are available to organization administrators: 


e Log out users after a configurable period of inactivity 
e Show notification about the last login of the current user 


e Warn about local or domain password expiration 


Applications 


Starting with Microsoft Exchange 2010, Exchange Server data can be backed up and recovered by 
using a less-privileged account than a member of the Organization Management role group: 


e For databases, membership in the Server Management role group is enough. 


e For mailboxes, membership in the Recipient Management role group and the enabled 
ApplicationImpersonation role are enough. 


Virtualization 


e Support for VMware vSphere 6.7 (ESXi configuration backup is not supported) 

e Recovery to the original virtual machine from a backup that contains not all disks of this machine. 
Previously, this operation was possible only under bootable media. The backup console allowed 
the recovery only if the machine's disk layout exactly matched that in the backup. 


Acronis Backup appliance 


e The 15-second timeout is removed from the Acronis Backup appliance installation menu. The 
installer waits for the user to review and confirm the settings. 

e The CentOS kernel is updated in the Acronis Backup appliance, to address the Meltdown and 
Spectre threats. 


Bootable media 
It is possible to use any supported keyboard layout when working under bootable media. The set of 


layouts is defined in the LAYOUT kernel parameter. 


Support for new operating systems 


e Linux kernel versions 4.12 - 4.15 
e Red Hat Enterprise Linux 7.5 

e Ubuntu 17.10, 18.04 

e Debian 9.3,9.4 

e Oracle Linux 7.4, 7.5 


1.6.2 New features available with the Advanced licenses only 


Backup 


The capability to configure a backup plan to use specific tape devices and tape drives. 


Applications 


Application-aware backup of Linux machines running Oracle Database. 


Administering 


The capability to create dynamic groups corresponding to Active Directory organizational units. 


1.7 What's new in Update 2 


1.7.1 New features available in all on-premise deployments 


Administering 


e Administering user accounts is available on a management server that is installed in Linux 


Installation and infrastructure 


e Acronis Backup appliance for automatic deployment of Linux, the management server, Agent for 
Linux, and Agent for VMware (Linux) on a dedicated virtual machine 

e When adding a Windows machine in the web interface, it is possible to select the name or IP 
address that the agent will use to access the management server 

e Automatic and manual checks for updates 
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Security 


e The backup console supports the HTTPS protocol out of the box 
e The management server can use a certificate issued by a trusted certificate authority, instead of 
the self-signed certificate 


e Non-root users can be added as administrators to a management server that is installed in Linux 


Scheduling backups 


e New scheduling options: 
o Waking up a machine for backup from the sleep or hibernation mode 
o Prevention of the sleep or hibernation mode during a backup 
o The option to prohibit running missed backups on a machine startup 
e New backup start conditions, handy for backing up Windows laptops and tablets: 
o Save battery power 
o Do not start when on metered connection 
o Do not start when connected to the following Wi-Fi networks 
o Check device IP address 
e Inthe Monthly schedule, selection of individual months during which backups will run 


e The capability to start a differential backup manually 


Backup locations 


e Storing each machine's backups in a folder defined by a script (for machines running Windows) 


e A locally deployed Acronis Storage can be used as a backup location 


Applications 


e Recovering Microsoft Office 365 mailboxes and mailbox items to Microsoft Exchange Server and 
vice versa 


Support for new operating systems and virtualization platforms 


e macOS High Sierra 10.13 

e Debian 9.1 and 9.2 

e Red Hat Enterprise Linux 7.4 
e CentOS 7.4 

e ALT Linux 7.0 

e Red Hat Virtualization 4.1 
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Usability improvements 


e Renaming locations on the Backups tab 
e The capability to change the vCenter Server or ESXi that is managed by Agent for VMware in 
Settings > Agents > agent details 


1.7.2 New features available with the Advanced licenses only 


Administering 


e Creating units is available on a management server that is installed in Linux 


Installation and infrastructure 


e When adding a managed location, it is possible to select whether the agents will access the storage 
node by using the server name or IP address 


Usability improvements 


e Adding a managed location can be initiated from the storage node properties panel 


Tape support 


e Full support for the LTO-8 technology. See Hardware Compatibility List for the exact names of the 
tested devices. 


1.8 What's new in Update 1 


e Support for Citrix XenServer 7.0, 7.1, 7.2, and Red Hat Virtualization 4.1 
e Support for Debian 8.6, 8.7, 8.8, 9, and Ubuntu 17.04 
e Support for Windows Storage Server 2016 
e The capability to use a PostgreSQL database with the management server under Linux 
e Autility for agent mass deployment and upgrade. 
For information about how to use this utility, refer to http://kb.acronis.com/content/60137 


1.9 What's new in Acronis Cyber Backup 12.5 


1.9.1 New features available in all on-premise deployments 


Backup 


e Anew backup format that increases the backup speed and reduces the size of backups 
e Upto five locations for replication in a backup plan 


e Conversion to a virtual machine in a backup plan 
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e Schedule by events 
e Setting conditions for backup plan execution 
e Predefined Grandfather-Father-Son (GFS) backup scheme 
e SFTP asa backup location 
e Default backup options stored on the management server 
e Selection of the backup method (full or incremental) when starting a backup manually 
e Backup options: 
o Email notifications: 
a Specify the email notifications subject 
a Notifications are now based on alerts instead of backup activity results. You can customize 
the list of alerts that trigger a notification. 
o Backup filename 


o Backup start conditions 


Recovery 


e Manual disk mapping. The capability to recover individual disks or volumes. 


Bootable media 


e Startup Recovery Manager 


Applications 


e Backing up Microsoft Exchange Server mailboxes 


Virtualization 


e The capability to assign a virtual machine to a specific agent (VM binding) 


Operations with backups 


e Mounting volumes in the read/write mode 


e ASign allows a backed-up file to be signed by several people 


Notifications and alerts 


e The capability to configure the severity of an alert (via the configuration file) 
e Device status is now derived from alerts instead of backup activity results. This covers a wider 
range of events, for example, missed backups or ransomware activities. 


Acronis Active Protection 


e Proactive protection from ransomware by detecting suspicious processes 
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Usability improvements 


e Dashboard - a customizable set of more than 20 widgets that are updated in real time 
e Anewsection in the UI shows all backup plans and other plans 


e The capability to set an encryption password in Backup Monitor 
1.9.2 New features available with the Advanced licenses only 


Administering 


e Customizable reports that can be sent or saved on a schedule 
e Roles onthe management server: create units and assign administrators to them 
e Group management: built-in and custom groups of devices 


e Acronis Notary: prove that a file is authentic and unchanged since it was backed up 


New backup locations 


e Acronis Storage Node with deduplication 


e Support for tape devices 


Bootable media 


e Working with bootable media via the backup console 
e Automated backup and recovery by execution of a predefined or custom Script 


e PXE Server for network boot 


Applications 


e Support for Database Availability Groups (DAG) in Microsoft Exchange Server 
e Support for AlwaysOn Availability Group (AAG) in Microsoft SQL Server 


e Protecting Oracle Database 


Virtualization 


e Backing up ESXi virtual machines from NetApp hardware snapshots 
e Backing up Citrix XenServer, Red Hat Virtualization (RHV/RHEV), Kernel-based Virtual Machines 
(KVM), and Oracle virtual machines (by installing an agent into the guest system) 


Operations with backups 


e Conversion to a virtual machine, validation, replication, and retention of backups can be 
performed on a schedule by a dedicated agent 


e Cataloging - a separate catalog service enables search throughout all backups in managed locations 
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2 Installation 


2.1 Installation overview 


Acronis Cyber Backup supports two methods of deployment: on-premises and cloud. The main 
difference between them is the location of Acronis Cyber Backup Management Server. 


Acronis Cyber Backup Management Server is the central point for managing all of your backups. With 
the on-premises deployment, it is installed in your local network; with the cloud deployment, it is 
located in one of the Acronis data centers. The web interface to this server is named a backup 
console. 


Acronis Cyber Backup Management Server is responsible for the communication with Cyber Backup 
Agents and performs general plan management functions. Before every backup activity, agents refer 
to the management server to verify the prerequisites. Sometimes, the connection to the 
management server could be lost, which will prevent the deployment of new backup plans. However, 
if a backup plan has already been deployed to a machine, the agent continues the backup operations 
for 30 days after the communication with the management server is lost. 


Both types of deployment require that a backup agent is installed on each machine that you want to 
back up. The supported types of storage are also the same. The cloud storage space is sold separately 
from the Acronis Cyber Backup licenses. 


2.1.1 On-premises deployment 


On-premises deployment means that all of the product components are installed in your local 
network. This is the only deployment method available with a perpetual license. Also, you have to use 
this method if your machines are not connected to the Internet. 


Acronis data center 


Cloud Storage 
=)> Software component interactions 
=> How users access the web interface 


C ] Available backup locations 


Management server 
Agent for 


w 
T 
ø 
Windows 


Administrator Cyber Protect web Local folder 


console 


Agent for 
VMware 


Agentfor Agentfor | Agent for 
Linux Mac Hyper-V 


Organization 


Management server location 
You can install the management server on a machine running either Windows or Linux. 


Installation in Windows is recommended because you will be able to deploy agents to other machines 
from the management server. With the Advanced license, it is possible to create organizational units 
and add administrators to them. This way, you can delegate backup management to other people 
whose access permissions will be strictly limited to the corresponding units. 


Installation in Linux is recommended in a Linux-only environment. You will need to install an agent 
locally on the machines that you want to back up. 


2.1.2 Cloud deployment 


Cloud deployment means that the management server is located in one of the Acronis data centers. 
The benefit of this approach is that you do not need to maintain the management server in your local 
network. You can think of Acronis Cyber Backup as of a backup service provided to you by Acronis. 


Access to the account server enables you to create user accounts, set service usage quotas for them, 
and create groups of users (units) to reflect the structure of your organization. Every user can access 
the backup console, download the required agent, and install it on their machines in minutes. 


Administrator accounts can be created at the unit or organization level. Each account has a view 
scoped to their area of control. Users have access only to their own backups. 
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The following table summarizes differences between the on-premises and cloud deployments. Each 
column lists the features that are available only in the corresponding type of deployment. 


On-premises deployment Cloud deployment 


Perpetual licenses can be used Cloud-to-cloud backup of Microsoft Office 365 data, 
On-premises management server including protection of groups, public folders, OneDrive 


Backup and disk management in and SharePoint Online data 
bootable media Cloud-to-cloud backup of G Suite data 


SFTP server as a backup location Agent for Virtuozzo (backup of Virtuozzo virtual machines 


Acronis Cyber Infrastructure as a at a hypervisor level) 
backup location Disaster recovery as a cloud service** 


Tape devices and Acronis Storage 
Nodes as backup locations* 


Off-host data processing* 


Conversion of a backup to a virtual 
machine 

Upgrade from previous versions of 
Acronis Cyber Backup, including Acronis 
Backup for VMware 

Participation in the Acronis Customer 
Experience Program 


* The feature is not available in the Standard edition. 


** The feature is available only in the Disaster Recovery edition. 
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2.2 Components 


2.2.1 Agents 


Agents are applications that perform data backup, recovery, and other operations on the machines 
managed by Acronis Cyber Backup. 


Choose an agent, depending on what you are going to back up. The following table summarizes the 
information, to help you decide. 


Note that Agent for Windows is installed along with Agent for Exchange, Agent for SQL, Agent for 
Active Directory, and Agent for Oracle. If you install, for example, Agent for SQL, you also will be able 
to back up the entire machine where the agent is installed. 


Agent availability 


What are you going to | Which agent 


à Where to install it? 
back up? to install? 


Physical machines 


Disks, volumes, and 

files on physical Agent for 
machines running Windows 
Windows 


Disks, volumes, and 
files on physical Agent for Linux | On the machine that will be backed up 
machines running Linux 


Disks, volumes, and 
files on physical 

; , Agent for Mac 
machines running 


macOS 
Applications 


SQL databases Agent for SQL On the machine running Microsoft SQL 
Server 


On the machine running the Mailbox 
role of Microsoft Exchange Server* 


Exchange databases Agent for If only mailbox backup is required, the 


: agent can be installed on any Windows 
and mailboxes Exchange 8 i y mailbox 
machine that has network access to 

backup 


the machine running the Client Access 
role of Microsoft Exchange Server 


Microsoft Office 365 On a Windows machine that is 


Machines running Agent for On the domain controller 
Active Directory Active 
Domain Services Directory 


Machines running Agent for On the machine running Oracle 
Oracle Database Oracle Database 


ae 
a 


Virtual machines 


VMware ESXi virtual Agent for On a Windows machine that has 
machines VMware network access to vCenter Server and 
(Windows) to the virtual machine storage** 


Agent for On the ESXi host 
VMware 

(Virtual 

Appliance) 


Hyper-V virtual Agent for On the Hyper-V host 
machines Hyper-V 


Virtual machines hosted 
on Windows Azure 


Virtual machines hosted 
on Amazon EC2 


Citrix XenServer virtual 
machines 


; ae The same as 
Red Hat Virtualization 


(RHV/RHEV) virtual 
machines 


for physical On the machine that will be backed up 
machines*** 


Kernel-based Virtual 
Machines (KVM) 


Oracle virtual machines 


Nutanix AHV virtual 
machines 


| 


Mobile devices 


Mobile devices running | Mobile app for 


Android Android On the mobile device that will be 


Mobile devices running | Mobile app for backed up 


iOS iOS 


pfs 


*During the installation, Agent for Exchange checks for enough free space on the machine where it 
will run. Free space equal to 15 percent of the biggest Exchange database is temporarily needed 
during a granular recovery. 


**If your ESXi uses a SAN attached storage, install the agent on a machine connected to the same 
SAN. The agent will back up the virtual machines directly from the storage rather than via the ESXi 
host and LAN. For detailed instructions, refer to "LAN-free backup". 


*** A virtual machine is considered virtual if it is backed up by an external agent. If an agent is 
installed in the guest system, the backup and recovery operations are the same as with a physical 
machine. Nevertheless, the machine is counted as virtual when you set quotas for the number of 


machines in a cloud deployment. 


**kEWith an Acronis Cyber Backup Advanced Virtual Host license, these virtual machines are 
considered as virtual (per host licensing is used). With an Acronis Cyber Backup Virtual Host license, 
these machines are considered as physical (per machine licensing is used). 


2.2.2 Other components 


Component 


Management 
Server 


Components for 
Remote Installation 


Monitoring Service 


Bootable Media 


Builder 


Command-Line 
Tool 


Backup Monitor 


Storage Node 


Catalog Service 


Manages the agents. Provides 


the web interface to users. 


Saves agent installation 
packages to a local folder 


Provides the dashboard and 
reporting functionality 


Creates bootable media 


Provides the command-line 
interface 


Enables users to monitor 
backups outside the web 
interface 


Stores backups. Is required 
for cataloging and 
deduplication. 


Performs cataloging of 
backups on storage nodes 


Where to install it? 


Ona machine running 
Windows or Linux 


On the Windows machine 
running the management 
server 


On the machine running the 
management server 


On a machine running 
Windows or Linux 


Ona machine running 
Windows or Linux 


On a machine running 
Windows or macOS 


On a machine running 
Windows 


Ona machine running 
Windows 


Availability 


PXE Server Enables booting machines Ona machine running 


into bootable media through | Windows 
the network 


2.3 Software requirements 


2.3.1 Supported web browsers 
The web interface supports the following web browsers: 


e Google Chrome 29 or later 
e Mozilla Firefox 23 or later 
e Opera 16 or later 
e Windows Internet Explorer 10 or later 
In cloud deployments, the management portal supports Internet Explorer 11 or later. 
e Microsoft Edge 25 or later 


e Safari 8 or later running in the macOS and iOS operating systems 


In other web browsers (including Safari browsers running in other operating systems), the user 
interface might be displayed incorrectly or some functions may be unavailable. 


2.3.2 Supported operating systems and environments 


Agents 


Agent for Windows 


e Windows XP Professional SP1 (x64), SP2 (x64), SP3 (x86) 

e Windows XP Professional SP2 (x86) - supported with a special version of Agent for Windows. For 
details and limitations of this support, refer to "Agent for Windows XP SP2". 

e Windows XP Embedded SP3 

e Windows Server 2003 SP1/2003 R2 and later - Standard and Enterprise editions (x86, x64) 

e Windows Small Business Server 2003/2003 R2 

e Windows Vista - all editions 

e Windows Server 2008 - Standard, Enterprise, Datacenter, Foundation, and Web editions (x86, x64) 

e Windows Small Business Server 2008 

e Windows 7 - all editions 

e Windows Server 2008 R2 - Standard, Enterprise, Datacenter, Foundation, and Web editions 

e Windows Home Server 2011 

e Windows MultiPoint Server 2010/2011/2012 

e Windows Small Business Server 2011 - all editions 

e Windows 8/8.1 - all editions (x86, x64), except for the Windows RT editions 


e Windows Server 2012/2012 R2 - all editions 
e Windows Storage Server 2003/2008/2008 R2/2012/2012 R2/2016 


e Windows 10 - Home, Pro, Education, Enterprise, IoT Enterprise, and LTSC (formerly LTSB) editions, 
up to version 20H2 (build 19042.x) 


e Windows Server 2016 - all installation options, except for Nano Server 


e Windows Server 2019 - all installation options, except for Nano Server, up to version 20H2 (build 
19042.x) 


Agent for SQL, Agent for Exchange (for database backup and application-aware 
backup), Agent for Active Directory 


Each of these agents can be installed on a machine running any operating system listed above and a 
supported version of the respective application, with the following exception: 


e Agent for SQL is not supported for on-premises deployment on Windows 7 Starter and Home 
editions (x86, x64) 


Agent for Exchange (for mailbox backup) 


This agent can be installed on a machine with or without Microsoft Exchange Server. 


e Windows Server 2008 - Standard, Enterprise, Datacenter, Foundation, and Web editions (x86, x64) 
e Windows Small Business Server 2008 

e Windows 7 - all editions 

e Windows Server 2008 R2 - Standard, Enterprise, Datacenter, Foundation, and Web editions 
e Windows MultiPoint Server 2010/2011/2012 

e Windows Small Business Server 2011 - all editions 

e Windows 8/8.1 - all editions (x86, x64), except for the Windows RT editions 

e Windows Server 2012/2012 R2 - all editions 

e Windows Storage Server 2008/2008 R2/2012/2012 R2 

e Windows 10 - Home, Pro, Education, and Enterprise editions 

e Windows Server 2016 - all installation options, except for Nano Server 


e Windows Server 2019 - all installation options, except for Nano Server 


Agent for Office 365 


e Windows Server 2008 - Standard, Enterprise, Datacenter, Foundation, and Web editions (x64 only) 
e Windows Small Business Server 2008 

e Windows Server 2008 R2 - Standard, Enterprise, Datacenter, Foundation, and Web editions 

e Windows Home Server 2011 

e Windows Small Business Server 2011 - all editions 

e Windows 8/8.1 - all editions (x64 only), except for the Windows RT editions 

e Windows Server 2012/2012 R2 - all editions 

e Windows Storage Server 2008/2008 R2/201 2/2012 R2/2016 (x64 only) 


Windows 10 - Home, Pro, Education, and Enterprise editions (x64 only) 
Windows Server 2016 - all installation options (x64 only), except for Nano Server 


Windows Server 2019 - all installation options (x64 only), except for Nano Server 


Agent for Oracle 


Windows Server 2008R2 - Standard, Enterprise, Datacenter, and Web editions (x86, x64) 
Windows Server 2012R2 - Standard, Enterprise, Datacenter, and Web editions (x86, x64) 
Linux - any kernel and distribution supported by Agent for Linux (listed below) 


Agent for Linux 


Linux with kernel from 2.6.9 to 5.1 and glibc 2.3.4 or later, including the following x86 and x86_64 
distributions: 


Red Hat Enterprise Linux 4.x, 5.x, 6.x, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0%, 8.1%, 8.2* 
Ubuntu 9.10, 10.04, 10.10, 11.04, 11.10, 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04, 15.10, 
16.04, 16.10, 17.04, 17.10, 18.04, 18.10, 19.04, 19.10, 20.04 

Fedora 11,12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 

SUSE Linux Enterprise Server 10 and 11 

SUSE Linux Enterprise Server 12 - supported on file systems, except for Btrfs 

Debian 4, 5, 6, 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.11, 9.0, 9.1, 9.2, 
9.3, 9.4, 9.5, 9.6,9.7, 9.8, 10 

CentOS 5.x, 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8, 7.9, 8.0, 8.1, 8.2 

Oracle Linux 5.x, 6.x, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8, 8.0, 8.1, 8.2 - both Unbreakable 
Enterprise Kernel and Red Hat Compatible Kernel 

CloudLinux 5.x, 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 8.2 

ClearOS 5.x, 6.x, 7, 7.1, 7.4, 7.5, 7.6 

ALT Linux 7.0 


Before installing the product on a system that does not use RPM Package Manager, such as an 
Ubuntu system, you need to install this manager manually; for example, by running the following 


command (as the root user): apt-get install rpm 


* Configurations with Stratis are not supported. 


Agent for Mac 


OS X Mavericks 10.9 

OS X Yosemite 10.10 
OS X El Capitan 10.11 
macOS Sierra 10.12 
macOS High Sierra 10.13 
macOS Mojave 10.14 
macOS Catalina 10.15 


Agent for VMware (Virtual Appliance) 
This agent is delivered as a virtual appliance for running on an ESXi host. 


VMware ESXi 4.1, 5.0, 5.1, 5.5, 6.0, 6.5, 6.7, 7.0 


Agent for VMware (Windows) 


This agent is delivered as a Windows application for running in any operating system listed above for 
Agent for Windows with the following exceptions: 


e 32-bit operating systems are not supported. 


e Windows XP, Windows Server 2003/2003 R2, and Windows Small Business Server 2003/2003 R2 
are not supported. 


Agent for Hyper-V 


e Windows Server 2008 (x64 only) with Hyper-V role, including Server Core installation mode 
e Windows Server 2008 R2 with Hyper-V role, including Server Core installation mode 

e Microsoft Hyper-V Server 2008/2008 R2 

e Windows Server 2012/2012 R2 with Hyper-V role, including Server Core installation mode 
e Microsoft Hyper-V Server 2012/2012 R2 

e Windows 8, 8.1 (x64 only) with Hyper-V 

e Windows 10 - Pro, Education, and Enterprise editions with Hyper-V 

e Windows Server 2016 with Hyper-V role - all installation options, except for Nano Server 
e Microsoft Hyper-V Server 2016 

e Windows Server 2019 with Hyper-V role - all installation options, except for Nano Server 
e Microsoft Hyper-V Server 2019 


Management Server (for on-premises deployment only) 


In Windows 


e Windows Server 2008 - Standard, Enterprise, Datacenter, and Foundation editions (x86, x64) 
e Windows Small Business Server 2008 

e Windows 7 - all editions (x86, x64) 

e Windows Server 2008 R2 - Standard, Enterprise, Datacenter, and Foundation editions 

e Windows Home Server 2011 

e Windows MultiPoint Server 2010/2011/2012 

e Windows Small Business Server 2011 - all editions 

e Windows 8/8.1 - all editions (x86, x64), except for the Windows RT editions 

e Windows Server 2012/2012 R2 - all editions 

e Windows Storage Server 2008/2008 R2/2012/2012 R2/2016 


Windows 10 - Home, Pro, Education, Enterprise, and loT Enterprise editions, up to version 20H2 
(build 19042.x) 

Windows Server 2016 - all installation options, except for Nano Server 

Windows Server 2019 - all installation options, except for Nano Server, up to version 20H2 (build 
19042.x) 


In Linux 


Linux with kernel from 2.6.23 to 5.1 and glibc 2.3.4 or later, including the following x86_64 
distributions: 


Red Hat Enterprise Linux 6.x, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.0%, 8.1%, 8.2* 
Ubuntu 9.10, 10.04, 10.10, 11.04, 11.10, 12.04, 12.10, 13.04, 13.10, 14.04, 14.10, 15.04, 15.10, 
16.04, 16.10, 17.04, 17.10, 18.04, 18.10, 19.04, 19.10, 20.04 

Fedora 11,12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 

SUSE Linux Enterprise Server 11, 12 

Debian 5.x, 6.x, 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 8.0, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.11, 9.0, 9.1, 
9.2,9.3,9.4,9.5, 9.6, 9.7, 9.8, 10 

CentOS 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8, 7.9, 8.0, 8.1, 8.2 

Oracle Linux 6.x, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.8, 8.0, 8.1, 8.2 - both Unbreakable Enterprise 
Kernel and Red Hat Compatible Kernel 

CloudLinux 6.x, 7, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 8.2 

ALT Linux 7.0 


* Configurations with Stratis are not supported. 


Storage Node (for on-premises deployment only) 


Windows Server 2008 - Standard, Enterprise, Datacenter, and Foundation editions (x64 only) 
Windows Small Business Server 2008 

Windows 7 - all editions (x64 only) 

Windows Server 2008 R2 - Standard, Enterprise, Datacenter, and Foundation editions 
Windows Home Server 2011 

Windows MultiPoint Server 2010/2011/2012 

Windows Small Business Server 2011 - all editions 

Windows 8/8.1 - all editions (x64 only), except for the Windows RT editions 

Windows Server 2012/2012 R2 - all editions 

Windows Storage Server 2008/2008 R2/2012/2012 R2/2016 

Windows 10 - Home, Pro, Education, Enterprise, and loT Enterprise editions 

Windows Server 2016 - all installation options, except for Nano Server 


Windows Server 2019 - all installation options, except for Nano Server 


Agent for Windows XP SP2 
Agent for Windows XP SP2 supports only the 32-bit version of Windows XP SP2. 


To protect machines running Windows XP SP1 (x64), Windows XP SP2 (x64), or Windows XP SP3 
(x86), use the regular Agent for Windows. 


Installation 


Agent for Windows XP SP2 requires at least 550 MB of disk space and 150 MB of RAM. While backing 
up, the agent typically consumes about 350 MB of memory. The peak consumption may reach 2 GB, 
depending on the amount of data being processed. 


Agent for Windows XP SP2 can be installed only locally on the machine that you want to back up. To 
download the agent setup program, click the account icon in the top-right corner, and then click 
Downloads > Agent for Windows XP SP2. 


Backup Monitor and Bootable Media Builder cannot be installed. To download the bootable media 
ISO file, click the account icon in the top-right corner > Downloads > Bootable media. 


Update 


Agent for Windows XP SP2 does not support the remote update functionality. To update the agent, 
download the new version of the setup program, and then repeat the installation. 


If you updated Windows XP from SP2 to SP3, uninstall Agent for Windows XP SP2, and then install 
the regular Agent for Windows. 


Limitations 


e Only disk-level backup is available. Individual files can be recovered from a disk or volume backup. 
e Schedule by events is not supported. 
e Conditions for backup plan execution are not supported. 
e Only the following backup destinations are supported: 
o Cloud storage 
o Local folder 
o Network folder 
o Secure Zone 
e The Version 12 backup format and the features that require the Version 12 backup format are 
not supported. In particular, physical data shipping is not available. The Performance and 
backup window option, if enabled, applies only the green-level settings. 
e Selection of individual disks/volumes for recovery and manual disk mapping during a recovery are 
not supported in the web interface. This functionality is available under bootable media. 
e Off-host data processing is not supported. 


e Agent for Windows XP SP2 cannot perform the following operations with backups: 


o Converting backups to a virtual machine 
o Mounting volumes from a backup 
o Extracting files from a backup 
o Export and manual validation of a backup. 
You can perform these operations by using another agent. 
e Backups created by Agent for Windows XP SP2 cannot be run as a virtual machine. 


2.3.3 Supported Microsoft SQL Server versions 


e Microsoft SQL Server 2019 
e Microsoft SQL Server 2017 
e Microsoft SQL Server 2016 
e Microsoft SQL Server 2014 
e Microsoft SQL Server 2012 
e Microsoft SQL Server 2008 R2 
e Microsoft SQL Server 2008 
e Microsoft SQL Server 2005 


2.3.4 Supported Microsoft Exchange Server versions 


e Microsoft Exchange Server 2019 - all editions. 

e Microsoft Exchange Server 2016 - all editions. 

e Microsoft Exchange Server 2013 - all editions, Cumulative Update 1 (CU1) and later. 

e Microsoft Exchange Server 2010 - all editions, all service packs. Mailbox backup and granular 
recovery from database backups are supported starting with Service Pack 1 (SP1). 

e Microsoft Exchange Server 2007 - all editions, all service packs. Mailbox backup and granular 
recovery from database backups are not supported. 


2.3.5 Supported Microsoft SharePoint versions 
Acronis Cyber Backup 12.5 supports the following Microsoft SharePoint versions: 


e Microsoft SharePoint 2013 

e Microsoft SharePoint Server 2010 SP1 

e Microsoft SharePoint Foundation 2010 SP1 

e Microsoft Office SharePoint Server 2007 SP2* 


e Microsoft Windows SharePoint Services 3.0 SP2* 


*In order to use SharePoint Explorer with these versions, you need a SharePoint recovery farm to 
attach the databases to. 


The backups or databases from which you extract data must originate from the same SharePoint 
version as the one where SharePoint Explorer is installed. 


2.3.6 Supported Oracle Database versions 


e Oracle Database version 11g, all editions 


e Oracle Database version 12c, all editions. 


Only single-instance configurations are supported. 


2.3.7 Supported SAP HANA versions 


HANA 2.0 SPS 03 installed in RHEL 7.6 running on a physical machine or VMware ESXi virtual 
machine. 


Because SAP HANA does not support recovery of multitenant database containers by using storage 
snapshots, this solution supports SAP HANA containers with only one tenant database. 


2.3.8 Supported virtualization platforms 


The following table summarizes how various virtualization platforms are supported. 


Backup ata Backup from 
hypervisor level | inside a guest OS 
(agentless 
backup) 


VMware vSphere versions: 4.1, 5.0, 5.1, 5.5, 6.0, 6.5, 6.7, 7.0 

VMware vSphere editions: 

VMware vSphere Essentials* 

VMware vSphere Essentials Plus* 

VMware vSphere Standard* + + 
VMware vSphere Advanced 

VMware vSphere Enterprise 

VMware vSphere Enterprise Plus 


VMware Server (VMware Virtual server) 

VMware Workstation 

VMware ACE i 
VMware Player 


Windows Server 2008 R2 with Hyper-V 
Microsoft Hyper-V Server 2008/2008 R2 
Windows Server 2012/2012 R2 with Hyper-V 
Microsoft Hyper-V Server 2012/2012 R2 
Windows 8, 8.1 (x64) with Hyper-V 

Windows 10 with Hyper-V 


Windows Server 2016 with Hyper-V - all installation options, 
except for Nano Server 


Microsoft Hyper-V Server 2016 


Windows Server 2019 with Hyper-V - all installation options, 


except for Nano Server 


Microsoft Hyper-V Server 2019 


Microsoft Virtual PC 2004 and 2007 


Windows Virtual PC 
Microsoft Virtual Server 2005 
Citrix 


Citrix XenServer 4.1.5, 5.5, 5.6, 6.0, 6.1, 6.2, 6.5, 7.0, 7.1, 7.2, 
7.3, 7.4, 7.5, 7.6 


Red Hat and Linux 


Red Hat Enterprise Virtualization (RHEV) 2.2, 3.0, 3.1, 3.2, 3.3, 
3.4, 3.5, 3.6 


Red Hat Virtualization (RHV) 4.0, 4.1 


Parallels Workstation 


Parallels Server 4 Bare Metal 


Oracle VM Server 3.0, 3.3, 3.4 


Only fully 
virtualized (aka 
HVM) guests. 
Paravirtualized 
(aka PV) guests are 
not supported. 


Only fully 
virtualized (aka 
HVM) guests. 


Paravirtualized 
(aka PV) guests are 
not supported. 


Oracle VM VirtualBox 4.x 


Nutanix Acropolis Hypervisor (AHV) 20160925.x through E 
20180425.x 


Amazon EC2 instances 


Microsoft Azure 


Azure virtual machines 


* In these editions, the HotAdd transport for virtual disks is supported on vSphere 5.0 and later. On 
version 4.1, backups may run slower. 


** Backup at a hypervisor level is not supported for vSphere Hypervisor because this product 
restricts access to Remote Command Line Interface (RCLI) to read-only mode. The agent works during 
the vSphere Hypervisor evaluation period while no serial key is entered. Once you enter a serial key, 
the agent stops functioning. 


Limitations 


- Fault tolerant machines 
Agent for VMware backs up a fault tolerant machine only if fault tolerance was enabled in VMware 
vSphere 6.0 and later. If you upgraded from an earlier vSphere version, it is enough to disable and 
enable fault tolerance for each machine. If you are using an earlier vSphere version, install an agent 
in the guest operating system. 

e Independent disks and RDM 
Agent for VMware does not back up Raw Device Mapping (RDM) disks in physical compatibility 
mode or independent disks. The agent skips these disks and adds warnings to the log. You can 
avoid the warnings by excluding independent disks and RDMs in physical compatibility mode from 
the backup plan. If you want to back up these disks or data on these disks, install an agent in the 
guest operating system. 

e Pass-through disks 
Agent for Hyper-V does not back up pass-through disks. During backup, the agent skips these 
disks and adds warnings to the log. You can avoid the warnings by excluding pass-through disks 
from the backup plan. If you want to back up these disks or data on these disks, install an agent in 
the guest operating system. 

e Hyper-V guest clustering 


Agent for Hyper-V does not support backup of Hyper-V virtual machines that are nodes of a 
Windows Server Failover Cluster. A VSS snapshot at the host level can even temporarily disconnect 
the external quorum disk from the cluster. If you want to back up these machines, install agents in 
the guest operating systems. 

e In-guest iSCSI connection 

Agent for VMware and Agent for Hyper-V do not back up LUN volumes connected by an iSCSI 

initiator that works within the guest operating system. Because the ESXi and Hyper-V hypervisors 

are not aware of such volumes, the volumes are not included in hypervisor-level snapshots and are 
omitted from a backup without a warning. If you want to back up these volumes or data on these 
volumes, install an agent in the guest operating system. 

e Linux machines containing logical volumes (LVM) 

Agent for VMware and Agent for Hyper-V do not support the following operations for Linux 

machines with LVM: 

o P2V and V2P migration. Use Agent for Linux or bootable media to create the backup and 
bootable media to recover. 

o Running a virtual machine from a backup created by Agent for Linux or bootable media. 

o Converting a backup created by Agent for Linux or bootable media to a virtual machine. 

- Encrypted virtual machines (introduced in VMware vSphere 6.5) 

o Encrypted virtual machines are backed up in an unencrypted state. If encryption is critical to 
you, enable encryption of backups when creating a backup plan. 

o Recovered virtual machines are always unencrypted. You can manually enable encryption after 
the recovery is complete. 

o If you back up encrypted virtual machines, we recommend that you also encrypt the virtual 
machine where Agent for VMware is running. Otherwise, operations with encrypted machines 
may be slower than expected. Apply the VM Encryption Policy to the agent's machine by 
using vSphere Web Client. 

o Encrypted virtual machines will be backed up via LAN, even if you configure the SAN transport 
mode for the agent. The agent will fall back on the NBD transport because VMware does not 
support SAN transport for backing up encrypted virtual disks. 

e Secure Boot (introduced in VMware vSphere 6.5) 

Secure Boot is disabled after a virtual machine is recovered as a new virtual machine. You can 

manually enable this option after the recovery is complete. 


e ESXi configuration backup is not supported for VMware vSphere 6.7 and 7.0. 


2.3.9 Linux packages 


To add the necessary modules to the Linux kernel, the setup program needs the following Linux 
packages: 


e The package with kernel headers or sources. The package version must match the kernel version. 
e The GNU Compiler Collection (GCC) compiler system. The GCC version must be the one with which 
the kernel was compiled. 


e The Make tool. 

e The Perl interpreter. 

e The libelf-dev, libelf-devel, or elfutils-libelf-devel libraries for building kernels starting 
with 4.15 and configured with CONFIG_UNWINDER_ORC=y. For some distributions, such as 
Fedora 28, they need to be installed separately from kernel headers. 


The names of these packages vary depending on your Linux distribution. 


In Red Hat Enterprise Linux, CentOS, and Fedora, the packages normally will be installed by the setup 
program. In other distributions, you need to install the packages if they are not installed or do not 
have the required versions. 


Are the required packages already installed? 
To check whether the packages are already installed, perform these steps: 
1. Run the following command to find out the kernel version and the required GCC version: 
cat /proc/version 
This command returns lines similar to the following: Linux version 2.6.35.6and gcc version 


4.5.1 
2. Run the following command to check whether the Make tool and the GCC compiler are installed: 


make -v 
ee =y 


For gcc, ensure that the version returned by the command is the same as in the gcc version in 
step 1. For make, just ensure that the command runs. 
3. Check whether the appropriate version of the packages for building kernel modules is installed: 


e In Red Hat Enterprise Linux, CentOS, and Fedora, run the following command: 


yum list installed | grep kernel-devel 


e In Ubuntu, run the following commands: 


dpkg --get-selections | grep linux-headers 
dpkg --get-selections | grep linux-image 


In either case, ensure that the package versions are the same as in Linux version in step 1. 
4. Run the following command to check whether the Perl interpreter is installed: 
perl --version 
If you see the information about the Perl version, the interpreter is installed. 


5. In Red Hat Enterprise Linux, CentOS, and Fedora, run the following command to check whether 
elfutils-libelf-devel is installed: 


yum list installed | grep elfutils-libelf-devel 


If you see the information about the library version, the library is installed. 


Installing the packages from the repository 


The following table lists how to install the required packages in various Linux distributions. 


Linux distribution How to install 


Red Hat Enterprise Linux | kernel-devel The setup program will download and install the 
gcc packages automatically by using your Red Hat 
make subscription. 
elfutils-libelf-devel 


Run the following command: 


yum install perl 


CentOS kernel-devel The setup program will download and install the 
cc k t tically. 
Fedora g packages automatically. 
make 


elfutils-libelf-devel 


Run the following command: 


yum install perl 


Ubuntu linux-headers Run the following commands: 

linux-image 

gcc sudo apt-get update 

sudo apt-get install linux-headers-$(uname 
-r) 

sudo apt-get install linux-image-$(uname - 
r) 

sudo apt-get install gcc-<package version> 
sudo apt-get install make 

sudo apt-get install perl 


Debian 


make 
perl 


SUSE Linux kernel-source 
gcc 


zypper install kernel-source 
zypper install gcc 
make zypper install make 
perl zypper install perl 


OpenSUSE 


The packages will be downloaded from the distribution's repository and installed. 


For other Linux distributions, please refer to the distribution's documentation regarding the exact 
names of the required packages and the ways to install them. 


Installing the packages manually 
You may need to install the packages manually if: 


e The machine does not have an active Red Hat subscription or Internet connection. 


e The setup program cannot find the kernel-devel or gcc version corresponding to the kernel 
version. If the available kernel-devel is more recent than your kernel, you need to either update 
the kernel or install the matching kernel-devel version manually. 


e You have the required packages on the local network and do not want to spend time for automatic 
search and downloading. 


Obtain the packages from your local network or a trusted third-party website, and install them as 
follows: 


e In Red Hat Enterprise Linux, CentOS, or Fedora, run the following command as the root user: 


rpm -ivh PACKAGE_FILE1 PACKAGE_FILE2 PACKAGE_FILE3 


e In Ubuntu, run the following command: 


sudo dpkg -i PACKAGE_FILE1 PACKAGE_FILE2 PACKAGE_FILE3 


Example: Installing the packages manually in Fedora 14 


Follow these steps to install the required packages in Fedora 14 on a 32-bit machine: 
1. Run the following command to determine the kernel version and the required GCC version: 


cat /proc/version 


The output of this command includes the following: 


Linux version 2.6.35.6-45.fc14.i686 
gcc version 4.5.1 


2. Obtain the kernel-devel and gcc packages that correspond to this kernel version: 


kernel-devel-2.6.35.6-45.fc14.i1686.rpm 
gcc-4.5.1-4.fc14.1686.rpm 


3. Obtain the make package for Fedora 14: 


make-3.82-3.fc14.i686 


4. Install the packages by running the following commands as the root user: 


rpm -ivh kernel-devel-2.6.35.6-45.fc14.1686. rpm 
rpm -ivh gcc-4.5.1.fc14.i1686.rpm 
rpm -ivh make-3.82-3.fc14. 1686 


You can specify all these packages in a single rpm command. Installing any of these packages may 
require installing additional packages to resolve dependencies. 


2.3.10 Compatibility with encryption software 


There are no limitations on backing up and recovering data that is encrypted by file-leve/ encryption 
software. 


Disk-level encryption software encrypts data on the fly. This is why data contained in the backup is 
not encrypted. Disk-level encryption software often modifies system areas: boot records, or partition 
tables, or file system tables. These factors affect disk-level backup and recovery, the ability of the 
recovered system to boot and access to Secure Zone. 


You can back up the data encrypted by the following disk-level encryption software: 


e Microsoft BitLocker Drive Encryption 
e McAfee Endpoint Encryption 
e PGP Whole Disk Encryption. 


To ensure reliable disk-level recovery, follow the common rules and software-specific 
recommendations. 


Common installation rule 


The strong recommendation is to install the encryption software before installing the backup agents. 


The way of using Secure Zone 


Secure Zone must not be encrypted with disk-level encryption. This is the only way to use Secure 
Zone: 


1. Install the encryption software; then, install the agent. 
2. Create Secure Zone. 
3. Exclude Secure Zone when encrypting the disk or its volumes. 


Common backup rule 


You can do a disk-level backup in the operating system. Do not try to back up using bootable media. 
Software-specific recovery procedures 


Microsoft BitLocker Drive Encryption 


To recover a system that was encrypted by BitLocker: 


1. Boot from the bootable media. 


2. Recover the system. The recovered data will be unencrypted. 


3. Reboot the recovered system. 


4. Turnon BitLocker. 


If you only need to recover one partition of a multi-partitioned disk, do so under the operating 
system. Recovery under bootable media may make the recovered partition undetectable for 
Windows. 


McAfee Endpoint Encryption and PGP Whole Disk Encryption 
You can recover an encrypted system partition by using bootable media only. 


If the recovered system fails to boot, rebuild Master Boot Record as described in the following 
Microsoft knowledge base article: https://support. microsoft.com/kb/2622803 


2.4 System requirements 


The following table summarizes disk space and memory requirements for typical installation cases. 
The installation is performed with the default settings. 


Components to be installed Occupied Minimum 
disk space memory 
consumption 


Agent for Windows 850 MB 150 MB 


Agent for Windows and one of the following agents: 950 MB 170 MB 
e Agent for SQL 

e Agent for Exchange 

Agent for Windows and one of the following agents: 1170 MB 180 MB 
e Agent for VMware (Windows) 

e Agent for Hyper-V 


Agent for Office 365 
Agent for Linux 
For on-premises deployments only 

Management Server in Windows 1.7 GB 200 MB 
Management Server in Linux 
Management Server and Agent for Windows 


Management Server and agents on a machine running Windows, 3.35 GB 400 MB 
Microsoft SQL Server, Microsoft Exchange Server, and Active Directory 
Domain Services 


Management Server and Agent for Linux 


Storage Node and Agent for Windows 

e 64-bit platform only 

e Touse deduplication, minimum 8 GB of RAM are required. For more 
information, see "Deduplication best practices". 


While backing up, an agent typically consumes about 350 MB of memory (measured during a 500-GB 
volume backup). The peak consumption may reach 2 GB, depending on the amount and type of data 


being processed. 
Backing up to big archives (600 GB or more) requires about 1GB of RAM per 1TB of archive size. 
Bootable media or a disk recovery with a reboot requires at least 1 GB of memory. 


A management server with one registered machine consumes 200 MB of memory. Each of the newly 
registered machines adds about 2 MB. Thus, a server with 100 registered machines consumes 
approximately 400 MB above the operating system and running applications. The maximum number 
of registered machines is 900-1000. This limitation originates from the management server's 
embedded SQLite. 


You can overcome this limitation by specifying an external Microsoft SQL Server instance during the 
management server installation. With an external SQL database, up to 8000 machines can be 
registered without significant performance degradation. The SQL Server will then consume about 8 
GB of RAM. For better backup performance, we recommend managing the machines by groups, with 
up to 500 machines in each. 


2.5 Supported file systems 


A protection agent can back up any file system that is accessible from the operating system where the 
agent is installed. For example, Agent for Windows can back up and recover an ext4 file system if the 
corresponding driver is installed in Windows. 


The following table summarizes the file systems that can be backed up and recovered. The limitations 
apply to both the agents and bootable media. 


Supported by 


: Linux- 
File system WinPE Mac Limitations 


based 
bootable bootable 
i bootable : 
media : media 
media 


FAT16/32 
NTFS All agents 
ext2/ext3/ext4 


Agent for 
Mac 


Agent for 
Linux 


No limitations 


Supported starting 
with macOS High 
Sierra 10.13 


Disk configuration 
should be re- 
created manually 
when recovering to 
a non-original 
machine or bare 
metal 


Files cannot be 
excluded from a 
disk backup 


Fast incremental/ 
differential backup 
cannot be enabled 


Files cannot be 
excluded from a 
disk backup 


Fast incremental/ 


ReiserFS4 


differential backup 
cannot be enabled 
Volumes cannot be 
resized during a 
recovery 


No limitations 


: Agent for 
Linux swap ae 
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+ 


e Only disk/volume 


Bootable backup is supported 


media Files cannot be 


cannot be excluded from a 


used for backup 


recovery if Individual files 


the backup cannot be 


is stored on recovered from a 


exFAT backup 


The software automatically switches to the sector-by-sector mode when backing up drives with 
unrecognized or unsupported file systems. A sector-by-sector backup is possible for any file system 
that: 


e is block-based 
e spans a single disk 


e has a standard MBR/GPT partitioning scheme 


If the file system does not meet these requirements, the backup fails. 


Data Deduplication 


In Windows Server 2012 and later, you can enable the Data Deduplication feature for an NTFS 
volume. Data Deduplication reduces the used space on the volume by storing duplicate fragments of 
the volume's files only once. 


You can back up and recover a data deduplication-enabled volume at a disk level, without limitations. 
File-level backup is supported, except when using Acronis VSS Provider. To recover files from a disk 
backup, either run a virtual machine from your backup, or mount the backup on a machine running 
Windows Server 2012 or later, and then copy the files from the mounted volume. 


The Data Deduplication feature of Windows Server is unrelated to the Acronis Backup Deduplication 
feature. 


2.6 On-premises deployment 


An on-premises deployment includes a number of software components that are described in the 
"Components" section. The diagram below illustrates the component interaction and the ports 
required for this interaction. 
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2.6.1 Legend 


The arrow direction shows which component initiates the connection. Note that all ports are TCP 
unless otherwise specified. 


1. 11. 


Download installation components: 80 to Receive catalog metadata: 9200 
dl.acronis.com 


2. 12. 


Sync subscription licenses: 443 to 


@ e Manage Acronis Storage Node: 7780 ZMQ © 
account.acronis.com 


e Register Acronis Storage Node and manage 
tasks: TCP 9877 


3. 13. 


Manage environment: 9877 © Backup to managed location: 9876, 9852 @) 


49 © Acronis International GmbH, 2003-2021 


4. 14. 


Access via remote command line (acrocmd, e SMB: UDP 137, UDP 138 and TCP 139, TCP 445 
acropsh): 9851 e SFTP: 22 (default, can vary) 


5. 15. 


e Register agent: 9877 Create virtual machine backups: 443, 902 


e Manage agent: 7780 ZMQ © 


e Sync licenses: 9877 
6. 16. 
Remote installation: NFS: TCP, UDP 111 and 2049 


e Update 1 and earlier: 445, 25001, 9876 
e Update 2 and later: 445, 25001, 43234 


7. 17. 


Access via remote command line (acrocmd, Send reports and emails: SMTP (25, 465, 587, etc) 
acropsh): 9850 


8. 18. 


Create backups to Acronis cloud storage: 443, Deploy appliance: 443, 902 
8443, 44445, 5060 


9. 19. 
e SMB: UDP 137, UDP 138 and TCP 139, TCP 445 


Browse and search backups: 9877 
e SFTP: 22 (default, may vary) 


10. 


Index backups: 9876 


— Backup data © CurveZMQ 256-bit key 


— P Management data © HTTPS/TLS 


A a acl -> Optional functionality 


2.6.2 Installing the management server 


Installation in Windows 


To install the management server 


1. Logonasan administrator and start the Acronis Cyber Backup setup program. 


2. [Optional] To change the language the setup program is displayed in, click Setup language. 


3. Accept the terms of the license agreement and select whether the machine will participate in the 
Acronis Customer Experience Program (ACEP). 


4. Leave the default setting Install a backup agent and Acronis Cyber Backup Management 
Server. 


Acronis 


Welcome to 
Acronis Cyber 
Backup Setup 


Install a backup agent and Acronis Cyber Backup Management 
Server 


The m anagem ent server is required to co nfigure and manage backups. 


Install a backup agent 


The backup agent must be registered on the management server 


Install Acronis Cyber Backup 


Customize installation settings 


Create .mst and .msi files for unattended installation 


5. Do any of the following: 
e Click Install Acronis Cyber Backup . 


This is the easiest way to install the product. Most of the installation parameters will be set to 
their default values. 


The following components will be installed: 
o Management Server 
o Components for Remote Installation 
o Monitoring Service 
o Agent for Windows 
o Other agents (Agent for Hyper-V, Agent for Exchange, Agent for SQL, and Agent for Active 
Directory), if the respective hypervisor or application is detected on the machine 
o Bootable Media Builder 
o Command-Line Tool 
o Backup Monitor 
e Click Customize installation settings to configure the setup. 


You will be able to select the components to be installed and to specify additional parameters. 
For details, refer to "Customizing installation settings". 
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e Click Create .mst and .msi files for unattended installation to extract the installation 
packages. Review or modify the installation settings that will be added to the .mst file, and then 
click Generate. Further steps of this procedure are not required. 


If you want to deploy agents through Group Policy, refer to "Deploying agents through Group 


Policy". 


6. Proceed with the installation. 


7. After the installation completes, click Close. 


Customizing installation settings 


This section describes settings that can be changed during installation. 


Common settings 


e The components to be installed. 


Management 
Server 


Agent for 
Windows 


Agent for 
Hyper-V 


Agent for SQL 


Agent for 
Exchange 


Agent for 
Active 
Directory 


Agent for 
VMware 
(Windows) 


Agent for 
Office 365 


Agent for 
Oracle 


Cyber Backup 
Monitor 


Management Server is the central point for managing all of your backups. With the on- 
premise deployment, it is installed in your local network. 


This agent backs up disks, volumes, files and will be installed on Windows machines. It 
will be always installed, not selectable. 


This agent backs up Hyper-V virtual machines and will be installed on Hyper-V hosts. It 
will be installed if selected and detected Hyper-V role on a machine. 


This agent backs up SQL Server databases and will be installed on machines running 
Microsoft SQL Server. It will be installed if selected and application detected ona 
machine. 


This agent backs up Exchange databases and mailboxes and will be installed on 
machines running the Mailbox role of Microsoft Exchange Server. | will be installed if 
selected and application detected on a machine. 


This agent backs up the data of Active Directory Domain Services and will be installed on 
domain controllers. It will be installed if selected and application detected on a machine. 


This agent backs up VMware virtual machines and will be installed on Windows 
machines that have network access to vCenter Server. It will be installed if selected. 


This agent backs up Microsoft Office 365 mailboxes to a local destination and will be 
installed on Windows machines. It will be installed if selected. 


This agent backs up Oracle databases and will be installed on machines running Oracle 
Database. It will be installed if selected. 


This component enables a user to monitor execution of running tasks in the notification 
area and will be installed on Windows machines. It will be installed if selected. 


Command-line | Cyber Backup supports the command-line interface with the acrocmd utility. acrocmd 


tool does not contain any tools that physically execute the commands. It only provides the 
command-line interface to Cyber Backup components - agents and the management 
server. It will be installed if selected. 


e The folder where the product will be installed. 
e The accounts under which the services will run. 
You can choose one of the following: 
o Use Service User Accounts (default for the agent service) 
Service User Accounts are Windows system accounts that are used to run services. The 
advantage of this setting is that the domain security policies do not affect these accounts’ user 
rights. By default, the agent runs under the Local System account. 
o Create a new account (default for the management server service and the storage node 
service) 
The account names will be Acronis Agent User, AMS User, and ASN User for the agent, 
management server, and the storage node services, respectively. 
o Use the following account 
If you install the product on a domain controller, the setup program prompts you to specify 
existing accounts (or the same account) for each service. For security reasons, the setup 
program does not automatically create new accounts on a domain controller. 


Also, choose this setting if you want the management server to use an existing Microsoft SQL 
server installed on a different machine and use Windows Authentication for the SQL Server. 


If you chose the Create a new account or Use the following account option, ensure that the 
domain security policies do not affect the related accounts’ rights. If an account is deprived of the 
user rights assigned during the installation, the component may work incorrectly or not work. 


2.6.3 Privileges required for a logon account 


A protection agent is run as a Managed Machine Service (MMS) on a Windows machine. The account 
under which the agent will run must have specific rights for the agent to work correctly. Thus, the 
MMS user should be assigned the following privileges: 


1. Included in the Backup Operators and Administrators groups. On a Domain Controller, the 
user must be included in the group Domain Admins. 

2. Granted the Full Control permission on the folder %~PROGRAMDATA%\Acronis (in Windows XP and 
Server 2003, %ALLUSERSPROFILE%\Application Data\Acronis) and on its subfolders. 

3. Granted the Full Control permission on certain registry keys in the following key: HKEY_LOCAL_ 
MACHINE\SOFTWARE \Acronis. 

4. Assigned the following user rights: 
e Logon as a service 
e Adjust memory quotas for a process 
e Replace a process level token 


e Modify firmware environment values 


The ASN user must have local administrator rights on the machine where Acronis Storage Node is 
installed. 


2.6.4 How to assign the user rights 


Follow the instructions below to assign the user rights (this example uses the Log on as service user 
right, the steps are the same for other user rights): 


1. Logon to the computer by using an account with administrative privileges. 


2. Open Administrative Tools from Control Panel (or click Win+R, type control admintools, and 
press Enter) and open Local Security Policy. 


Expand Local Policies and click on User Rights Assignment. 
In the right pane, right-click Log on as a service and select Properties. 


Click on the Add User or Group... button to add a new user. 


OW fw 


Inthe Select Users, Computers, Service Accounts, or Groups window, find the user you wish 
to enter and click OK. 


7. Click OK inthe Log on as a service Properties to save the changes. 


Important 
Ensure that the user which you have added to the Log on as service user right is not listed in the 
Deny log on as a service policy in Local Security Policy. 


Note that it is not recommended to change logon accounts manually after the installation is 
completed. 


Management server installation 

e The database to be used by the management server. By default, the built-in SQLite database is 
used. 

You can select any edition of the following Microsoft SQL Server versions: 

o Microsoft SQL Server 2012 

o Microsoft SQL Server 2014 

o Microsoft SQL Server 2016 

o Microsoft SQL Server 2017 

o Microsoft SQL Server 2019 

The instance you choose can also be used by other programs. 

Before selecting an instance installed on another machine, ensure that SQL Server Browser Service 
and the TCP/IP protocol are enabled on that machine. For instructions on how to start SQL Server 
Browser Service, refer to: http://msdn.microsoft.com/en-us/library/ms189093.aspx. You can 
enable the TCP/IP protocol by using a similar procedure. 

e The port that will be used by a web browser to access the management server (by default, 9877) 
and the port that will be used for communication between the product components (by default, 
7780). Changing the latter port after the installation will require re-registering of all of the 
components. 


Windows Firewall is configured automatically during the installation. If you use a different firewall, 
ensure that the ports are open for both incoming and outgoing requests through that firewall. 


Agent installation 


e Whether the agent will connect to the Internet through an HTTP proxy server, when backing up to 
and recovering from the cloud storage. 
If a proxy server is required, specify its host name or IP address and the port number. If your 
proxy server requires authentication, specify the proxy server credentials. 


Installation in Linux 


Preparation 

1. Before installing the product on a system that does not use RPM Package Manager, such as an 
Ubuntu system, you need to install this manager manually; for example, by running the following 
command (as the root user): apt-get install rpm. 


2. If you want to install Agent for Linux along with the management server, ensure that the 
necessary Linux packages are installed on the machine. 

3. Choose the database to be used by the management server. 
By default, the built-in SQLite database is used. As an alternative, you can use PostgreSQL. For 
information about how to configure the management server for using PostgreSQL, refer to 
http://kb.acronis.com/content/60395. 


Note 
If you switch to PostgreSQL after the management server has been working for some time, you 
will have to add devices, configure backup plans and other settings from scratch. 


Installation 


To install the management server 


1. Asthe root user, run the installation file. 

2. Accept the terms of the license agreement. 

3. [Optional] Select the components that you want to install. 
By default, the following components will be installed: 
« Management Server 
e Agent for Linux 
e Bootable Media Builder 

4. Specify the port that will be used by a web browser to access the management server. The default 
value is 9877. 

5. Specify the port that will be used for communication between the product components. The 
default value is 7780. 

6. Click Next to proceed with the installation. 


7. After the installation completes, select Open web console, and then click Exit. The backup 
console will open in your default web browser. 


Acronis Cyber Backup appliance 


With Acronis Cyber Backup appliance, you can easily obtain a virtual machine with the following 
software: 


e CentOS 

e Acronis Cyber Backup components: 
o Management Server 
o Agent for Linux 
o Agent for VMware (Linux) 


The appliance is provided as a .zip archive. The archive contains the .ovf and .iso files. You can deploy 
the .ovf file to an ESXi host or use the .iso file to boot an existing virtual machine. The archive also 
contains the .vmdk file that should be placed in the same directory with .ovf. 


Note 

VMware Host Client (a web client used to manage standalone ESXi 6.0+) does not allow deploying 
OVF templates with an ISO image inside. If this is your case, create a virtual machine that meets the 
requirements below, and then use the .iso file to install the software. 


Requirements for the virtual appliance are as follows: 


e Minimum system requirements: 
o 2 CPUs 
o 6 GB RAM 
o One 10 GB virtual disk (40 GB recommended) 
e In VMware virtual machine settings, click Options tab > General > Configuration Parameters, 
and then ensure that the disk.EnableUUID parameter value is true. 


Installing the software 


1. Do one of the following: 
e Deploy the appliance from .ovf. After the deployment has completed, power on the resulting 
machine. 
e Boot an existing virtual machine from the .iso. 


2. Select Install or update Acronis Cyber Backup , and then press Enter. Wait for the initial 
setup window to appear. 

3. [Optional] To change the installation settings, select Change settings, and then press Enter. You 
can specify the following settings: 
e The host name of the appliance (by default, AcronisAppliance-<random part>). 


e The password for the "root" account that will be used to log in to the backup console (by 
default, not specified). 


If you leave the default value, after Acronis Cyber Backup is installed, you will be prompted to 
specify the password. Without this password, you will not be able to log in to the backup 
console and the Cockpit web console. 


e Network settings of anetwork interface card: 
o Use DHCP (by default) 
o Set static IP address 


If the machine has several network interface cards, the software selects one of them randomly 
and applies these settings to it. 


4. Select Install with the current settings. 


As aresult, CentOS and Acronis Cyber Backup will be installed on the machine. 


Further actions 


After the installation is completed, the software displays the links to the backup console and the 
Cockpit web console. Connect to the backup console to start using Acronis Cyber Backup: add more 
devices, create backups plans, and so on. 


To add ESXi virtual machines, click Add > VMware ESXi, and then specify the address and credentials 
for the vCenter Server or stand-alone ESXi host. 


There are no Acronis Cyber Backup settings that are configured in the Cockpit web console. The 
console is provided for convenience and troubleshooting. 


Updating the software 


1. Download and unpack the .zip archive with the new appliance version. 
2. Boot the machine from the .iso unpacked in the previous step. 
a. Save the .iso to your vSphere datastore. 
b. Connect the .iso to the machine's CD/DVD drive. 
Restart the machine. 


d. [Only during the first update] Press F2, and then change the boot order so that CD/DVD drive 
comes first. 


3. Select Install or update Acronis Cyber Backup , and then press Enter. 
4. Select Update, and then press Enter. 


Once the update is completed, disconnect the .iso from the machine's CD/DVD drive. 


As aresult, Acronis Cyber Backup will be updated. If the CentOS version in the .iso file is also newer 
than the version on the disk, the operating system will be updated before updating Acronis Cyber 
Backup. 


2.6.5 Adding machines via the web interface 


To start adding a machine to the management server, click All devices > Add. 


If the management server is installed in Linux, you will be asked to select the setup program based on 


the type of the machine that you want to add. Once the setup program is downloaded, run it locally 
on that machine. 


The operations described later in this section are possible if the management server is installed in 


Windows. In most cases, the agent will be silently deployed to the selected machine. 


Adding a machine running Windows 


Preparation 


‘lk, 


For successful installation on a remote machine running Windows XP, the option Control panel > 

Folder options > View > Use simple file sharing must be disabled on that machine. 

For successful installation on a remote machine running Windows Vista or later, the option 

Control panel > Folder options > View > Use Sharing Wizard must be disabled on that 

machine. 

For successful installation on a remote machine that is not a member of an Active Directory 

domain, User Account Control (UAC) must be disabled. 

File and Printer Sharing must be enabled on the remote machine. To access this option: 

e On a machine running Windows XP or Windows 2003 Server: go to Control panel > Windows 
Firewall > Exceptions > File and Printer Sharing. 

e On a machine running Windows Vista, Windows Server 2008, Windows 7, or later: go to 
Control panel > Windows Firewall > Network and Sharing Center > Change advanced 
sharing settings. 

Acronis Cyber Backup uses TCP ports 445, 25001, and 43234 for remote installation. 

Port 445 is automatically opened when you enable File and Printer Sharing. Ports 43234 and 

25001 are automatically opened through Windows Firewall. If you use a different firewall, make 

sure that these three ports are open (added to exceptions) for both incoming and outgoing 

requests. 

After the remote installation is complete, port 25001 is automatically closed through Windows 

Firewall. Ports 445 and 43234 need to remain open if you want to update the agent remotely in 

the future. Port 25001 is automatically opened and closed through Windows Firewall during each 

update. If you use a different firewall, keep all the three ports open. 


Installation packages 


Agents are installed from installation packages. The management server takes the packages from the 
local folder specified in the following registry key: HKEY_LOCAL_ 
MACHINE\SOFTWARE\Acronis\RemotelnstallationFiles\<product build number>. The default 
location is %ProgramFiles%\Acronis\RemoteInstallationFiles\<product build number>. 


You may need to download the installation packages in the following situations: 


e Components for remote installation were not installed during the management server installation. 


e Installation packages were manually removed from the location specified in the registry key. 


e You need to add a 32-bit machine to the 64-bit management server or vice versa. 


e You need to update agents on a 32-bit machine from the 64-bit management server or vice versa, 
by using the Agents tab. 


To get the installation packages 


1. Inthe backup console, click the account icon in the top-right corner > Downloads. 
2. Select Offline installer for Windows. Pay attention to the required bitness - 32-bit or 64-bit. 
3. Save the installer to the packages location. 


Adding the machine 
1. Click All devices > Add. 


2. Click Windows or the button that corresponds to the application that you want to protect. 
Depending on the button you click, one of the following options is selected: 


e Agent for Windows 
e Agent for Hyper-V 
e Agent for SQL + Agent for Windows 
e Agent for Exchange + Agent for Windows 
If you clicked Microsoft Exchange Server > Exchange mailboxes, and at least one Agent 
for Exchange is already registered, you are taken directly to step 5. 
e Agent for Active Directory + Agent for Windows 
e Agent for Office 365 
3. Specify the host name or IP address of the machine, and the credentials of an account with 
administrative privileges on that machine. 
4. Select the name or IP address that the agent will use to access the management server. 
By default, the server name is chosen. You may need to change this setting if the DNS server is 
unable to resolve the name to the IP address, which results in an agent registration failure. 
5. Click Add. 


6. If you clicked Microsoft Exchange Server > Exchange mailboxes in step 2, specify the 
machine where the Client Access server role (CAS) of Microsoft Exchange Server is enabled. For 
more information, refer to "Mailbox backup". 


Requirements on User Account Control (UAC) 


Ona machine that is running Windows Vista or later and is not a member of an Active Directory 
domain, centralized management operations (including remote installation) require that UAC and 
UAC remote restrictions be disabled. 


To disable UAC 


Do one of the following depending on the operating system: 


e In a Windows operating system prior to Windows 8: 
Go to Control panel > View by: Small icons > User Accounts > Change User Account 
Control Settings, and then move the slider to Never notify. Then, restart the machine. 
e In any Windows operating system: 
1. Open Registry Editor. 
2. Locate the following registry key: HKEY_LOCAL_ 
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System 
3. Forthe EnableLUA value, change the setting to 0. 


Restart the machine. 
To disable UAC remote restrictions 


1. Open Registry Editor. 

2. Locate the following registry key: HKEY_LOCAL_ 
MACHINE\SOFTWARE\ Microsoft\Windows\CurrentVersion\Policies\System 

3. ForLocalAccountTokenFilterPolicy value, change the setting to 1. 
If the LocalAccountTokenFilterPolicy value does not exist, create it as DWORD (32-bit). For 
more information about this value, refer to the Microsoft documentation: 
https://support.microsoft.com/en-us/help/951016/description-of-user-account-control-and- 
remote-restrictions-in-windows. 


Note 

For security reasons, it is recommended that after finishing the management operation - for 
example, remote installation, both of the settings be reverted to their original state: EnableLUA=1 
and LocalAccountTokenFilterPolicy = 0 


Adding a machine running Linux 
1. Click All devices > Add. 


2. Click Linux. This will download the installation file. 


3. On the machine that you want to protect, run the setup program locally. 


Adding a machine running macOS 
1. Click All devices > Add. 


2. Click Mac. This will download the installation file. 


3. Onthe machine that you want to protect, run the setup program locally. 


Adding a vCenter or an ESXi host 
There are four methods of adding a vCenter or a stand-alone ESXi host to the management server: 


e Deploying Agent for VMware (Virtual Appliance) 


This method is recommended in most cases. The virtual appliance will be automatically deployed 
to every host managed by the vCenter you specify. You can select the hosts and customize the 
virtual appliance settings. 
Installing Agent for VMware (Windows) 
You may want to install Agent for VMware on a physical machine running Windows for the purpose 
of an offloaded or LAN-free backup. 
o Offloaded backup 
Use if your production ESXi hosts are so heavily loaded that running the virtual appliances is not 
desirable. 
o LAN-free backup 
If your ESXi uses a SAN attached storage, install the agent on a machine connected to the same 
SAN. The agent will back up the virtual machines directly from the storage rather than via the 
ESXi host and LAN. For detailed instructions, refer to "LAN-free backup". 
If the management server is running in Windows, the agent will be automatically deployed to the 
machine you specify. Otherwise, you need to install the agent manually. 
Registering an already installed Agent for VMware 
This is a necessary step after you have re-installed the management server. Also, you can register 
and configure Agent for VMware (Virtual Appliance) that is deployed from an OVF template. 
Configuring an already registered Agent for VMware 
This is a necessary step after you have installed Agent for VMware (Windows) manually or 
deployed Acronis Cyber Backup appliance. Also, you can associate an already configured Agent for 
VMware with another vCenter Server or stand-alone ESXi host. 


Deploying Agent for VMware (Virtual Appliance) via the web interface 


1 
2 
3. 
4 


Click All devices > Add. 

Click VMware ESXi. 

Select Deploy as a virtual appliance to each host of a vCenter. 

Specify the address and access credentials for the vCenter Server or stand-alone ESXi host. We 
recommend using an account that has the Administrator role assigned. Otherwise, provide an 
account with the necessary privileges on the vCenter Server or ESXi. 


Select the name or IP address that the agent will use to access the management server. 
By default, the server name is chosen. You may need to change this setting if the DNS server is 
unable to resolve the name to the IP address, which results in an agent registration failure. 


[Optional] Click Settings to customize the deployment settings: 

e ESXi hosts that you want to deploy the agent to (only if a vCenter Server was specified in the 
previous step). 

e The virtual appliance name. 

e The datastore where the appliance will be located. 

e Theresource pool or vApp that will contain the appliance. 

e The network that the virtual appliance's network adapter will be connected to. 


7. 


e Network settings of the virtual appliance. You can choose DHCP auto configuration or specify 
the values manually, including a static IP address. 


Click Deploy. 


Installing Agent for VMware (Windows) 


Preparation 


Follow the preparatory steps described in the "Adding a machine running Windows" section. 


Installation 

1. Click All devices > Add. 

2. Click VMware ESXi. 

3. Select Remotely install on a machine running Windows. 

4. Specify the host name or IP address of the machine, and the credentials of an account with 


administrative privileges on that machine. 


Select the name or IP address that the agent will use to access the management server. 
By default, the server name is chosen. You may need to change this setting if the DNS server is 
unable to resolve the name to the IP address, which results in an agent registration failure. 


Click Connect. 

Specify the address and credentials for the vCenter Server or stand-alone ESXi host, and then click 
Connect. We recommend using an account that has the Administrator role assigned. Otherwise, 
provide an account with the necessary privileges on the vCenter Server or ESXi. 


Click Install to install the agent. 


Registering an already installed Agent for VMware 


This section describes registering Agent for VMware via the web interface. 


Alternative registration methods: 


You can register Agent for VMware (Virtual Appliance) by specifying the management server in the 
virtual appliance UI. See step 3 under "Configuring the virtual appliance" in the "Deploying Agent 
for VMware (Virtual Appliance) from an OVF template" section. 


Agent for VMware (Windows) is registered during its local installation. 


To register Agent for VMware 


1 
2 
3. 
4 


Click All devices > Add. 

Click VMware ESXi. 

Select Register an already installed agent. 

If you register Agent for VMware (Windows), specify the host name or IP address of the machine 
where the agent is installed, and credentials of an account with administrative privileges on that 
machine. 


If you register Agent for VMware (Virtual Appliance), specify the host name or IP address of the 
virtual appliance, and credentials for the vCenter Server or the stand-alone ESXi host where the 
appliance is running. 


5. Select the name or IP address that the agent will use to access the management server. 
By default, the server name is chosen. You may need to change this setting if the DNS server is 
unable to resolve the name to the IP address, which results in an agent registration failure. 


Click Connect. 
Specify the host name or IP address of the vCenter Server or the ESXi host, and credentials to 
access it, and then click Connect. We recommend using an account that has the Administrator 
role assigned. Otherwise, provide an account with the necessary privileges on the vCenter Server 
or ESXi. 

8. Click Register to register the agent. 


Configuring an already registered Agent for VMware 


This section describes how to associate Agent for VMware with a vCenter Server or ESXi in the web 
interface. As an alternative, you can do this in the Agent for VMware (Virtual Appliance) console. 


By using this procedure, you can also change the existing association of the agent with a vCenter 
Server or ESXi. Alternatively, you can do this in the Agent for VMware (Virtual Appliance) console or by 
clicking Settings > Agents > the agent > Details > vCenter/ESXi. 


To configure Agent for VMware 


1. Click All devices > Add. 

2. Click VMware ESXi. 

3. The software shows the unconfigured Agent for VMware that appears first alphabetically. 
If all of the agents registered on the management server are configured, click Configure an 
already registered agent, and the software will show the agent that appears first 
alphabetically. 

4. If necessary, click Machine with agent and select the agent to be configured. 
Specify or change the host name or IP address of the vCenter Server or the ESXi host, and 
credentials to access it. We recommend using an account that has the Administrator role 
assigned. Otherwise, provide an account with the necessary privileges on the vCenter Server or 
ESXi. 


6. Click Configure to save the changes. 
2.6.6 Installing agents locally 


Installation in Windows 


To install Agent for Windows, Agent for Hyper-V, Agent for Exchange, Agent for SQL, or Agent 
for Active Directory 


Log on as an administrator and start the Acronis Cyber Backup setup program. 
[Optional] To change the language the setup program is displayed in, click Setup language. 


. Accept the terms of the license agreement and select whether the machine will participate in the 
Acronis Customer Experience Program (ACEP). 


Select Install a backup agent. 
Do any of the following: 
e Click Install Acronis Cyber Backup . 


This is the easiest way to install the product. Most of the installation parameters will be set to 

their default values. 

The following components will be installed: 

o Agent for Windows 

o Other agents (Agent for Hyper-V, Agent for Exchange, Agent for SQL, and Agent for Active 
Directory), if the respective hypervisor or application is detected on the machine 

o Bootable Media Builder 

o Command-Line Tool 

o Backup Monitor 

e Click Customize installation settings to configure the setup. 

You will be able to select the components to be installed and to specify additional parameters. 
For details, refer to "Customizing installation settings". 

e Click Create .mst and .msi files for unattended installation to extract the installation 
packages. Review or modify the installation settings that will be added to the .mst file, and then 
click Generate. Further steps of this procedure are not required. 

If you want to deploy agents through Group Policy, proceed as described in "Deploying agents 
through Group Policy". 

Specify the management server where the machine with the agent will be registered: 

a. Specify the host name or IP address of the machine where the management server is installed. 

b. Specify the credentials of amanagement server administrator or a registration token. 

For more information on how to generate a registration token, refer to "Deploying agents 
through Group Policy". 

If you are not amanagement server administrator, you still can register the machine, by 
selecting the Connect without authentication option. This works on the condition that the 
management server allows anonymous registration, which may be disabled. 

c. Click Done. 


If prompted, select whether the machine with the agent will be added to the organization or to 
one of the units. 

This prompt appears if you administer more than one unit, or an organization with at least one 
unit. Otherwise, the machine will be silently added to the unit you administer or to the 
organization. For more information, refer to "Administrators and units". 


Proceed with the installation. 


9. After the installation completes, click Close. 


10. 


If you installed Agent for Exchange, you will be able to back up Exchange databases. If you want to 
back up Exchange mailboxes, open the backup console, click Add > Microsoft Exchange Server 
> Exchange mailboxes, and then specify the machine where the Client Access server role (CAS) 
of Microsoft Exchange Server is enabled. For more information, refer to "Mailbox backup". 


To install Agent for VMware (Windows), Agent for Office 365, Agent for Oracle, or Agent for 
Exchange on a machine without Microsoft Exchange Server 


1. 
2. 
3. 


Log on as an administrator and start the Acronis Cyber Backup setup program. 

[Optional] To change the language the setup program is displayed in, click Setup language. 
Accept the terms of the license agreement and select whether the machine will participate in the 
Acronis Customer Experience Program (ACEP). 


Select Install a backup agent, and then click Customize installation settings. 

Next to What to install, click Change. 

Select the check box corresponding to the agent that you want to install. Clear the check boxes for 

the components that you do not want to install. Click Done to continue. 

Specify the management server where the machine with the agent will be registered: 

a. Next to Acronis Cyber Backup Management Server, click Specify. 

b. Specify the host name or IP address of the machine where the management server is installed. 

c. Specify the credentials of a management server administrator or a registration token. 
For more information on how to generate a registration token, refer to "Deploying agents 
through Group Policy". 
If you are not amanagement server administrator, you still can register the machine, by 
selecting the Connect without authentication option. This works on the condition that the 
management server allows anonymous registration, which may be disabled. 

d. Click Done. 


If prompted, select whether the machine with the agent will be added to the organization or to 
one of the units. 

This prompt appears if you administer more than one unit, or an organization with at least one 
unit. Otherwise, the machine will be silently added to the unit you administer or to the 
organization. For more information, refer to "Administrators and units". 


[Optional] Change other installation settings as described in "Customizing installation settings". 


Click Install to proceed with the installation. 


. After the installation completes, click Close. 


[Only when installing Agent for VMware (Windows)] Perform the procedure described in 
"Configuring an already registered Agent for VMware". 

[Only when installing Agent for Exchange] Open the backup console, click Add > Microsoft 
Exchange Server > Exchange mailboxes, and then specify the machine where the Client 
Access server role (CAS) of Microsoft Exchange Server is enabled. For more information, refer to 
"Mailbox backup". 


Installation in Linux 


Preparation 


iy 


Before installing the product on a system that does not use RPM Package Manager, such as an 
Ubuntu system, you need to install this manager manually; for example, by running the following 
command (as the root user): apt-get install rpm. 

Ensure that the necessary Linux packages are installed on the machine. 


Installation 


To install Agent for Linux, you need at least 2.0 GB of free disk space. 


To install Agent for Linux 


1. 
2. 
3. 


As the root user, run the appropriate installation file (an .i1686 or an .x86_64 file). 
Accept the terms of the license agreement. 
Specify the components to install: 
a. Clear the Acronis Cyber Backup Management Server check box. 
b. Select the check boxes for the agents that you want to install. The following agents are 
available: 
- Agent for Linux 
- Agent for Oracle 
Agent for Oracle requires that Agent for Linux is also installed. 
c. Click Next. 
Specify the management server where the machine with the agent will be registered: 
a. Specify the host name or IP address of the machine where the management server is installed. 
b. Specify the user name and password of a management server administrator or choose 
anonymous registration. 
Specifying the credentials makes sense if your organization has units, in order to add the 
machine to the unit managed by the specified administrator. With anonymous registration, 
the machine is always added to the organization. For more information, refer to 
"Administrators and units". 
Specifying the credentials is necessary if anonymous registration on the management server is 
disabled. 
c. Click Next. 
If prompted, select whether the machine with the agent will be added to the organization or to 
one of the units, and then press Enter. 
This prompt appears if the account specified in the previous step administers more than one unit 
or an organization with at least one unit. 
If UEFI Secure Boot is enabled on the machine, you are informed that you need to restart the 
system after the installation. Be sure to remember what password (the one of the root user or 


7. 


"acronis") should be used. 


Note 

During the installation, the Acronis key is generated, used to sign the snapapi module, and 
registered as a Machine Owner Key (MOK). The restart is mandatory in order to enroll this key. 
Without enrolling the key, the agent will not be operational. If you enable UEFI Secure Boot after 
the agent installation, repeat the installation including step 6. 


After the installation completes, do one of the following: 
e Click Restart, if you were prompted to restart the system in the previous step. 


During the system restart, opt for MOK (Machine Owner Key) management, choose Enroll 
MOK, and then enroll the key by using the password recommended in the previous step. 


e Otherwise, click Exit. 


Troubleshooting information is provided in the file: 
/usr/lib/Acronis/BackupAndRecovery/HOWTO.INSTALL 


Installation in macOS 


To install Agent for Mac 


ion) 


Double-click the installation file (.dmg). 


1 

2. Wait while the operating system mounts the installation disk image. 
3: 
4 


Double-click Install, and then click Continue. 

[Optional] Click Change install location to change the disk where the software will be installed. 

By default, the system startup disk is selected. 

Click Install. If prompted, enter the administrator's user name and password. 

Specify the management server where the machine with the agent will be registered: 

a. Specify the host name or IP address of the machine where the management server is installed. 

b. Specify the user name and password of a management server administrator or choose 
anonymous registration. 
Specifying the credentials makes sense if your organization has units, in order to add the 
machine to the unit managed by the specified administrator. With anonymous registration, 
the machine is always added to the organization. For more information, refer to 
"Administrators and units". 
Specifying the credentials is necessary if anonymous registration on the management server is 
disabled. 

c. Click Register. 

If prompted, select whether the machine with the agent will be added to the organization or to 

one of the units, and then click Done. 

This prompt appears if the account specified in the previous step administers more than one unit 

or an organization with at least one unit. 


After the installation completes, click Close. 


2.6.7 Unattended installation or uninstallation 


Unattended installation or uninstallation in Windows 


This section describes how to install or uninstall Acronis Cyber Backup in the unattended mode ona 
machine running Windows, by using Windows Installer (the msiexec program). In an Active Directory 
domain, another way of performing unattended installation is through Group Policy—see "Deploying 
agents through Group Policy". 


During the installation, you can use a file known as a transform (an .mst file). Atransform is a file 
with installation parameters. As an alternative, you can specify installation parameters directly in the 
command line. 


Creating the .mst transform and extracting the installation packages 


1. Logonasan administrator and start the setup program. 
2. Click Create .mst and .msi files for unattended installation. 


3. In What to install, select the components that you want to install. The installation packages for 
these components will be extracted from the setup program. 


4. Review or modify other installation settings that will be added to the .mst file. 


Click Generate. 


As aresult, the .mst transform is generated and the .msi and .cab installation packages are extracted 
to the folder you specified. 


Installing the product by using the .mst transform 


Run the following command: 
msiexec /i <package name> TRANSFORMS=<transform name> 


Here: 


e <package name> is the name of the .msi file. This name is AB.msi or AB64.msi, depending on the 
operating system bitness. 

e <transform name> is the name of the transform. This name is AB.msi.mst or AB64.msi.mst, 
depending on the operating system bitness. 


For example, msiexec /i AB64.msi TRANSFORMS=AB64.msi.mst 


Installing or uninstalling the product by specifying parameters manually 


Run the following command: 


msiexec /i <package name><PARAMETER 1>=<value 1> ... <PARAMETER N>=<value n> 


Here, <package name> is the name of the .msi file. This name is AB.msi or AB64.msi, depending on 
the operating system bitness. 


Available parameters and their values are described in "Unattended installation or uninstallation 
parameters". 


Examples 


e Installing Management Server and Components for Remote Installation. 


msiexec.exe /i ab64.msi /lxv my_log.txt /qn 
ADDLOCAL=AcronisCentralizedManagementServer , WebConsole, ComponentRegisterFeature 
TARGETDIR="C:\Program Files\Acronis" REBOOT=ReallySuppress CURRENT_LANGUAGE=en 
ACEP_AGREEMENT=1 AMS_USE_SYSTEM_ACCOUNT=1 


e Installing Agent for Windows, Command-Line Tool, and Backup Monitor. Registering the machine 
with the agent on a previously installed management server. 


msiexec.exe /i ab64.msi /1l*v my_log.txt /qn 

ADDLOCAL=AgentsCoreComponents, BackupAndRecoveryAgent , CommandLineTool,TrayMonito 
r TARGETDIR="C:\Program Files\Acronis" REBOOT=ReallySuppress CURRENT_ 
LANGUAGE=en ACEP_AGREEMENT=1 MMS_CREATE_NEW_ACCOUNT=1 REGISTRATION_ 
ADDRESS=10.10.1.1 


Unattended installation or uninstallation parameters 


This section describes parameters that are used during unattended installation or uninstallation in 
Windows. 


In addition to these parameters, you can use other parameters of msiexec, as described at 


https://msdn.microsoft.com/en-us/library/windows/desktop/aa367988(v=vs.85).aspx. 


Installation parameters 


2.6.8 Common parameters 
ADDLOCAL=<list of components> 


The components to be installed, separated by commas without space characters. All of the 
specified components must be extracted from the setup program prior to installation. 


The full list of the components is as follows. 


Component Must be installed together with Component 
name / 
description 


AcronisCentralizedManagementServer | WebConsole Management 


Server 


WebConsole AcronisCentralizedManagementSer | 32- Web Console 
ver bit/64- 
bit 


MonitoringServer AcronisCentralizedManagementSer | 32- Monitoring 
ver bit/64- Service 
bit 


ComponentRegisterFeature AcronisCentralizedManagementSer | 32- Components 
ver bit/64- for Remote 
bit Installation 


AgentsCoreComponents 32- Core 
bit/64- components 
bit for agents 


BackupAndRecoveryAgent AgentsCoreComponents 32- Agent for 
bit/64- Windows 
bit 


ArxAgentFeature BackupAndRecoveryAgent 32- Agent for 
bit/64- Exchange 
bit 


ArsAgentFeature BackupAndRecoveryAgent 32- Agent for SQL 
bit/64- 
bit 

ARADAgentFeature BackupAndRecoveryAgent 32- Agent for 


bit/64- Active 
bit Directory 


OracleAgentFeature BackupAndRecoveryAgent 32- Agent for 
bit/64- Oracle 
bit 


ArxOnlineAgentFeature AgentsCoreComponents 32- Agent for 
bit/64- Office 365 
bit 


AcronisESXSupport AgentsCoreComponents 32- Agent for 
bit/64- VMware 
bit (Windows) 


HyperVAgent AgentsCoreComponents 32- Agent for 
bit/64- Hyper-V 
bit 


ESXVirtualAppliance 32- Agent for 
bit/64- VMware 
bit (Virtual 


CommandLineTool 32- Command- 
bit/64- Line Tool 
bit 


TrayMonitor BackupAndRecoveryAgent 32- Backup 
bit/64- Monitor 
bit 


32- Bootable 
bit/64- Media 
bit Builder 


BackupAndRecoveryBootableCompone 
nts 


bit/64- 
bit 


CatalogBrowser JRE 8 Update 111 or later 64-bit Catalog 
Service 


TARGETDIR=<path> 


— ne ; — 


The folder where the product will be installed. 
REBOOT=ReallySuppress 

If the parameter is specified, the machine reboot is forbidden. 
CURRENT_LANGUAGE=<language ID> 


The product language. Available values are as follows: en, en_GB, cs, da, de, es_ES, fr, ko, it, 
hu, nl, ja, pl, pt, pt_BR, ru, tr, zh, zh_TW. 


ACEP_AGREEMENT={@, 1} 


If the value is 1, the machine will participate in the Acronis Customer Experience Program 
(CEP). 


REGISTRATION_ADDRESS=<host name or IP address>:<port> 
The host name or IP address of the machine where the management server is installed. 
Agents, Storage Node, and Catalog Service specified in the ADDLOCAL parameter will be registered on 


this management server. The port number is mandatory if it is different from the default value 
(9877). 


If anonymous registration on the management server is disabled, you must specify either the 
REGISTRATION_TOKEN parameter, or the REGISTRATION_LOGIN and REGISTRATION_PASSWORD 
parameters. 


REGISTRATION_TOKEN=<token> 


The registration token that was generated in the backup console as described in 
Deploying agents through Group Policy. 


REGISTRATION_LOGIN=<user name>, REGISTRATION_PASSWORD=<password> 
The user name and password of a management server administrator. 
REGISTRATION_TENANT=<unit ID> 


The unit within the organization. Agents, Storage Node, and Catalog Service specified 
in the ADDLOCAL parameter will be added to this unit. 


To learn a unit ID, in the backup console, click Settings > Administrators, select the 
unit, and click Details. 


This parameter does not work without REGISTRATION_TOKEN, Or REGISTRATION_LOGIN 
and REGISTRATION_PASSWORD. In this case, the components will be added to the organization. 


Without this parameter, the components will be added to the organization. 
REGISTRATION_REQUIRED={@, 1} 


The installation result in case the registration fails. If the value is 1, the installation 
fails. If the value is @, the installation completes successfully even though the component was not 
registered. 


REGISTRATION_CA_SYSTEM={@, 1} | REGISTRATION_CA_BUNDLE={@, 1} | REGISTRATION_PINNED_ 
PUBLIC_KEY=<public key value> 


These mutually exclusive parameters define the method of the management server 
certificate check during the registration. Check the certificate if you want to verify the authenticity of 
the management server to prevent MITM attacks. 


If the value is 1, the verification uses the system CA, or the CA bundle delivered with 
the product, correspondingly. If a pinned public key is specified, the verification uses this key. If the 
value is @ or the parameters are not specified, the certificate verification is not performed, but the 
registration traffic remains encrypted. 


/1*xv <log file> 


If the parameter is specified, the installation log in the verbose mode will be saved to the 
specified file. The log file can be used for analyzing the installation issues. 


2.6.9 Management server installation parameters 
WEB_SERVER_PORT=<port number> 


The port that will be used by a web browser to access the management server. By default, 
9877. 


AMS_ZMQ_PORT=<port number> 


The port that will be used for communication between the product components. By default, 
7780. 


SQL_INSTANCE=<instance> 


The database to be used by the management server. You can select any edition of Microsoft 
SQL Server 2012, Microsoft SQL Server 2014, or Microsoft SQL Server 2016. The instance you choose 
can also be used by other programs. 


Without this parameter, the built-in SQLite database will be used. 
SQL_USER_NAME=<user name> and SQL_PASSWORD=<password> 


Credentials of a Microsoft SQL Server login account. The management server will use 
these credentials to connect to the selected SQL Server instance. Without these parameters, the 
management server will use the credentials of the management server service account (AMS User). 


Account under which the management server service will run 
Specify one of the following parameters: 


e AMS_USE_SYSTEM_ACCOUNT={@, 1} 
If the value is 1, the system account will be used. 
e AMS_CREATE_NEW_ACCOUNT={@, 1} 


If the value is 1, a new account will be created. 


e AMS_SERVICE_USERNAME=<user name> and AMS_SERVICE_PASSWORD=<password> 


The specified account will be used. 


2.6.10 Agent installation parameters 
HTTP_PROXY_ADDRESS=<IP address> and HTTP_PROXY_PORT=<port> 


The HTTP proxy server to be used by the agent. Without these parameters, no proxy server 
will be used. 


HTTP_PROXY_LOGIN=<login> and HTTP_PROXY_PASSWORD=<password> 


The credentials for the HTTP proxy server. Use these parameters if the server requires 
authentication. 


HTTP_PROXY_ONLINE_BACKUP={0@, 1} 


If the value is ð, or the parameter is not specified, the agent will use the proxy server only for 
backup and recovery from the cloud. If the value is 1, the agent also will connect to the management 
server through the proxy server. 


SET_ESX_SERVER={@, 1} 


If the value is 8, Agent for VMware being installed will not be connected to a vCenter Server or 
an ESXi host. After the installation, proceed as described in "Configuring an already registered Agent 
for VMware". 


If the value is 1, specify the following parameters: 


ESX_HOST=<host name or IP address> 
The host name or IP address of the vCenter Server or the ESXi host. 
ESX_USER=<user name> and ESX_PASSWORD=<password> 
Credentials to access the vCenter Server or ESXi host. 
Account under which the agent service will run 
Specify one of the following parameters: 


e MMS_USE_SYSTEM_ACCOUNT={@, 1} 
If the value is 1, the system account will be used. 
e MMS_CREATE_NEW_ACCOUNT={@, 1} 


If the value is 1, a new account will be created. 


e MMS_SERVICE_USERNAME=<user name> and MMS_SERVICE_PASSWORD=<password> 


The specified account will be used. 


2.6.11 Storage node installation parameters 
Account under which the storage node service will run 
Specify one of the following parameters: 


e ASN_USE_SYSTEM_ACCOUNT={@, 1} 
If the value is 1, the system account will be used. 
e ASN_CREATE_NEW_ACCOUNT={@, 1} 
If the value is 1, a new account will be created. 
e ASN_SERVICE_USERNAME=<user name> and ASN_SERVICE_PASSWORD=<password> 


The specified account will be used. 


Uninstallation parameters 


REMOVE={<list of components>|ALL} 
The components to be removed, separated by commas without space characters. 
Available components are described earlier in this section. 


If the value is ALL, all of the product components will be uninstalled. Additionally, you can 
specify the following parameter: 


DELETE_ALL_SETTINGS={0, 1} 


If the value is 1, the product's logs, tasks, and configuration settings will be removed. 


Unattended installation or uninstallation in Linux 


This section describes how to install or uninstall Acronis Cyber Backup in the unattended mode ona 
machine running Linux, by using the command line. 


To install or uninstall the product 


1. Open Terminal. 


2. Run the following command: 
<package name> -a <parameter 1> ... <parameter N> 
Here, <package name> is the name of the installation package (an .i686 or an .x86_64 file). 
3. [Only when installing Agent for Linux] If UEFI Secure Boot is enabled on the machine, you are 
informed that you need to restart the system after the installation. Be sure to remember what 
password (the one of the root user or "acronis") should be used. During the system restart, opt 


for MOK (Machine Owner Key) management, choose Enroll MOK, and then enroll the key by 
using the recommended password. 


If you enable UEFI Secure Boot after the agent installation, repeat the installation including step 3. 
Otherwise, backups will fail. 


Installation parameters 


Common parameters 
{-i |--id=}<list of components> 
The components to be installed, separated by commas without space characters. 


The following components are available for installation: 


AcronisCentralizedManagementServer Management Server 
BackupAndRecoveryAgent Agent for Linux 


BackupAndRecoveryBootableComponents Bootable Media Builder 


Without this parameter, all of the above components will be installed. 


--language=<language ID> 


The product language. Available values are as follows: en, en_GB, cs, da, de, es_ES, fr, ko, it, 
hu, nl, ja, pl, pt, pt_BR, ru, tr, zh, zh_TW. 


{-d|--debug} 


If the parameter is specified, the installation log is written in the verbose mode. The log is 
located in the file /var/log/trueimage-setup.log. 


{-t|--strict} 


If the parameter is specified, any warning that occurs during the installation results in the 
installation failure. Without this parameter, the installation completes successfully even in the case of 
warnings. 


{-n|--nodeps} 
If the parameter is specified, absence of required Linux packages will be ignored during the 


installation. 


Management server installation parameters 


{-W |--web-server-port=}<port number> 


The port that will be used by a web browser to access the management server. By default, 
9877. 


--ams-tcp-port=<port number> 
The port that will be used for communication between the product components. By default, 


7780. 


Agent installation parameters 


Specify one of the following parameters: 


e --skip-registration 
o Do not register the agent on the management server. 
e {-C |--ams=}<host name or IP address> 


o The host name or IP address of the machine where the management server is installed. The 
agent will be registered on this management server. 


If you install the agent and the management server within one command, the agent 
will be registered on this management server regardless of the -c parameter. 


If anonymous registration on the management server is disabled, you must specify 
either the token parameter, or the login and password parameters. 


--token=<token> 


The registration token that was generated in the backup console as described 
in Deploying agents through Group Policy. 


{-g |--login=}<user name> and {-w |--password=}<password> 
Credentials of a management server administrator. 

--unit=<unit ID> 
The unit within the organization. The agent will be added to this unit. 


To learn a unit ID, in the backup console, click Settings > Administrators, 
select the unit, and click Details. 


Without this parameter, the agent will be added to the organization. 


--reg-transport={https|https-ca-system|https-ca-bundle|https-pinned- 
public-key} 


The method of the management server certificate check during the 
registration. Check the certificate if you want to verify the authenticity of the management server to 
prevent MITM attacks. 


If the value is https or the parameter is not specified, the certificate check is 
not performed, but the registration traffic remains encrypted. If the value is nothttps, the check uses 
the system CA, or the CA bundle delivered with the product or the pinned public key, 
correspondingly. 


--reg-transport-pinned-public-key=<public key value> 


The pinned public key value. This parameter should be specified together or 
instead of the --reg-transport=https-pinned-public-key parameter. 


e --http-proxy-host=<IP address> and --http-proxy-port=<port> 
o The HTTP proxy server that the agent will use for backup and recovery from the cloud and for 
connection to the management server. Without these parameters, no proxy server will be used. 
e --http-proxy-login=<login> and --http-proxy-password=<password> 
o The credentials for the HTTP proxy server. Use these parameters if the server requires 
authentication. 


Uninstallation parameters 
{-u]--uninstall} 

Uninstalls the product. 
--purge 


Removes the product's logs, tasks, and configuration settings. 


Information parameters 
{-?|--help} 

Shows the description of parameters. 
--usage 

Shows a brief description of the command usage. 
{-v|--version} 

Shows the installation package version. 
--product-info 


Shows the product name and the installation package version. 


Examples 


e Installing Management Server. 


./AcronisCyberBackup_12.5_64-bit.x86_64 -a -i 
AcronisCentralizedManagementServer 


e Installing Management Server and Monitoring Service. Specifying custom ports. 


./AcronisCyberBackup_12.5_64-bit.x86_64 -a -i 
AcronisCentralizedManagementServer,MonitoringServer --web-server-port 6543 -- 
ams-tcp-port 8123 


e Installing Agent for Linux and registering it on the specified management server. 


./AcronisCyberBackup_12.5_64-bit.x86_64 -a -i BackupAndRecoveryAgent --ams 
10.10.1.1 --login root --password 123456 


e Installing Agent for Linux and registering it on the specified management server, in the specified 
unit. 


./AcronisCyberBackup_12.5_64-bit.x86_64 -a -i BackupAndRecoveryAgent --ams 
10.10.1.1 --login root --password 123456 -unit 01234567-89AB-CDEF-0123- 
456789ABCDEF 


2.6.12 Checking for software updates 
This functionality is available only to organization administrators. 


Each time you sign in to the backup console, Acronis Cyber Backup checks whether a new version is 
available on the Acronis website. If so, the backup console shows a download link for the new version 
at the bottom of each page under the Devices, Plans, and Backups tabs. The link is also available on 
the Settings > Agents page. 


To enable or disable the automatic checks for updates, change the Updates system setting. 


To check for updates manually, click the question mark icon in the top-right corner > About > Check 
for updates or the question mark icon > Check for updates. 


2.6.13 Managing licenses 


Licensing of Acronis Cyber Backup is based on the number of the backed-up physical machines and 
virtualization hosts. Both subscription and perpetual licenses can be used. A subscription expiration 
period starts when you register it on the Acronis site. 


To start using Acronis Cyber Backup, you need to add at least one license key to the management 
server. A license is automatically assigned to a machine when a backup plan is applied. 


Licenses can also be assigned and revoked manually. Manual operations with licenses are available 
only to organization administrators. 


To access the Licenses page 


1. Do one of the following: 
e Click Settings. 
e Click the account icon in the top-right corner. 


2. Click Licenses. 
To add a license key 


1. Click Add keys. 

2. Enter the license keys. 

3. Click Add. 

4. To activate a subscription, you must be signed in. If you entered at least one subscription key, 
enter the email address and password of your Acronis account, and then click Sign in. If you 
entered only perpetual keys, skip this step. 

5. Click Done. 


Note 
If you have already registered the subscription keys, the management server can import them from 
your Acronis account. To synchronize the subscription keys, click Syne and sign in. 


Managing perpetual licenses 
To assign a perpetual license to a machine 


1. Select a perpetual license. 
The software displays the license keys that correspond to the selected license. 


2. Select the key to assign. 


Ww 


Click Assign. 
The software displays the machines that the selected key can be assigned to. 


4. Select the machine, and then click Done. 
To revoke a perpetual license from a machine 


1. Select a perpetual license. 
The software displays the license keys that correspond to the selected license. The machine that 
the key is assigned to is shown in the Assigned to column. 

2. Select the license key to revoke. 

3. Click Revoke. 

4. Confirm your decision. 
The revoked key will remain in the license keys list. It can be assigned to another machine. 


Managing subscription licenses 
To assign a subscription license to a machine 
1. Select a subscription license. 
The software displays the machines that the selected license is already assigned to. 
2. Click Assign. 


The software displays the machines that the selected license can be assigned to. 


3. Select the machine, and then click Done. 
To revoke a subscription license from a machine 


1. Select a subscription license. 

The software displays machines that the selected license is already assigned to. 
2. Select the machine to revoke the license from. 
3. Click Revoke license. 


4. Confirm your decision. 


2.7 Cloud deployment 


2.7.1 Activating the account 


When an administrator creates an account for you, an email message is sent to your email address. 
The message contains the following information: 


- An account activation link. Click the link and set the password for the account. Remember your 
login that is shown on the account activation page. 

¢ A link to the backup console login page. Use this link to access the console in the future. The 
login and password are the same as in the previous step. 


2.7.2 Preparation 


Step 1 


Choose the agent, depending on what you are going to back up. For the information about the 
agents, refer to the "Components" section. 


Step 2 
Download the setup program. To find the download links, click All devices > Add. 


The Add devices page provides web installers for each agent that is installed in Windows. A web 
installer is a small executable file that downloads the main setup program from the Internet and 
saves it as a temporary file. This file is deleted immediately after the installation. 


If you want to store the setup programs locally, download a package containing all agents for 
installation in Windows by using the link at the bottom of the Add devices page. Both 32-bit and 64- 
bit packages are available. These packages enable you to customize the list of components to install. 
These packages also enable unattended installation, for example, via Group Policy. This advanced 
scenario is described in "Deploying agents through Group Policy". 


To download Agent for Office 365 setup program, click the account icon in the top-right corner, and 
then click Downloads > Agent for Office 365. 


Installation in Linux and macOS is performed from ordinary setup programs. 


All setup programs require an Internet connection to register the machine in the backup service. If 
there is no Internet connection, the installation will fail. 


Step 3 


Before the installation, ensure that your firewalls and other components of your network security 
system (such as a proxy sever) allow both inbound and outbound connections through the following 
TCP ports: 


e 443 and 8443 These ports are used for accessing the backup console, registering the agents, 

downloading the certificates, user authorization, and downloading files from the cloud storage. 
e 7770...7800 The agents use these ports to communicate with the backup management server. 
e 44445 The agents use this port for data transfer during backup and recovery. 


If a proxy server is enabled in your network, refer to the "Proxy server settings" section to understand 
whether you need to configure these settings on each machine that runs a backup agent. 


The minimum Internet connection speed required for managing an agent from the cloud is 1 Mbit/s 
(not to be confused with the data transfer rate acceptable for backing up to the cloud). Consider this 
if you use a low-bandwidth connection technology such as ADSL. 


2.7.3 Proxy server settings 


The backup agents can transfer data through an HTTP/HTTPS proxy server. The server must work 
through an HTTP tunnel without scanning or interfering with the HTTP traffic. Man-in-the-middle 
proxies are not supported. 


Because the agent registers itself in the cloud during the installation, the proxy server settings must 
be provided during the installation or in advance. 


In Windows 


If a proxy server is configured in Windows (Control panel > Internet Options > Connections), the 
setup program reads the proxy server settings from the registry and uses them automatically. Also, 
you can enter the proxy settings during the installation, or specify them in advance by using the 
procedure described below. To change the proxy settings after the installation, use the same 
procedure. 


To specify the proxy settings in Windows 


1. Create anew text document and open it in a text editor, such as Notepad. 


2. Copy and paste the following lines into the file: 
Windows Registry Editor Version 5.00 


[LHKEY_LOCAL_MACHINE\SOFTWARE\Acronis\Global\HttpProxy ] 
"Enabled"=dword: 00000001 

"Host"="proxy.company.com" 

"Port"=dword: 000001bb 

"Login"="proxy_login" 

"Password"="proxy_password" 


3. Replace proxy . company . com with your proxy server host name/IP address, and 000001bb with the 
hexadecimal value of the port number. For example, 200001bb is port 443. 

4. If your proxy server requires authentication, replace proxy_login and proxy_password with the 

proxy server credentials. Otherwise, delete these lines from the file. 

Save the document as proxy.reg. 

Run the file as an administrator. 

Confirm that you want to edit the Windows registry. 
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If the backup agent is not installed yet, you can now install it. Otherwise, do the following to 
restart the agent: 

a. Inthe Start menu, click Run, and then type: cmd 

b. Click OK. 

c. Run the following commands: 


net stop mms 
net start mms 


In Linux 


Run the installation file with the parameters --http-proxy-host=ADDRESS --http-proxy-port=PORT 
--http-proxy-login=LOGIN- -http-proxy-password=PASSWORD. To change the proxy settings after 
the installation, use the procedure described below. 


To change the proxy settings in Linux 


1. Open the file /etc/Acronis/Global.config in a text editor. 
2. Do one of the following: 
e If the proxy settings were specified during the agent installation, find the following section: 


<key name="HttpProxy"> 
<value name="Enabled" type="Tdword">"1"</value> 
<value name="Host" type="TString">"ADDRESS"</value> 
<value name="Port" type="Tdword">"PORT"</value> 
<value name="Login" type="TString">"LOGIN"</value> 


<value name="Password" type="TString">"PASSWORD"</value> 
</key> 


e Otherwise, copy the above lines and paste them into the file between the <registry 
name="Global">...</registry> tags. 
3. Replace ADDRESS with the new proxy server host name/IP address, and PORT with the decimal 
value of the port number. 
4. If your proxy server requires authentication, replace LOGIN and PASSWORD with the proxy server 
credentials. Otherwise, delete these lines from the file. 
5. Save the file. 


6. Restart the agent by executing the following command in any directory: 


sudo service acronis_mms restart 


In macOS 


You can enter the proxy settings during the installation, or specify them in advance by using the 
procedure described below. To change the proxy settings after the installation, use the same 
procedure. 


To specify the proxy settings in macOS 


1. Create the file /Library/Application Support/Acronis/Registry/Global.config and open it in a 
text editor, such as Text Edit. 
2. Copy and paste the following lines into the file 
<?xml version="1.0" ?> 
<registry name="Global"> 
<key name="HttpProxy"> 
<value name="Enabled" type="Tdword">"1"</value> 
<value name="Host" type="TString">"proxy . company .com"</value> 
<value name="Port" type="Tdword">"443"</value> 
<value name="Login" type="TString">"proxy_login"</value> 
<value name="Password" type="TString'>"proxy_password'"</value> 
</key> 
</registry> 
3. Replace proxy . company . com with your proxy server host name/IP address, and 443 with the 
decimal value of the port number. 
4. If your proxy server requires authentication, replace proxy_login and proxy_password with the 
proxy server credentials. Otherwise, delete these lines from the file. 
5. Save the file. 
6. Ifthe backup agent is not installed yet, you can now install it. Otherwise, do the following to 
restart the agent: 
a. Goto Applications > Utilities > Terminal 


b. Run the following commands: 


sudo launchctl stop acronis_mms 
sudo launchctl start acronis_mms 


In bootable media 


When working under bootable media, you may need to access the cloud storage via a proxy server. 
To specify the proxy server settings, click Tools > Proxy server, and then specify the proxy server 


host name/IP address, port, and credentials. 


2.7.4 Installing agents 


In Windows 


ie 
2. 
3. 


Ensure that the machine is connected to the Internet. 

Log on as an administrator and start the setup program. 

[Optional] Click Customize installation settings and make the appropriate changes if you 

want: 

e To change the components to install (in particular, to disable installation of Backup Monitor 
and Command-Line Tool). 

e To change the method of registering the machine in the backup service. You can switch from 
Use backup console (default) to Use credentials or Use registration token. 

e To change the installation path. 

e To change the account for the agent service. 

e To verify or change the proxy server host name/IP address, port, and credentials. If a proxy 
server is enabled in Windows, it is detected and used automatically. 

Click Install. 

[Only when installing Agent for VMware] Specify the address and access credentials for the 

vCenter Server or stand-alone ESXi host whose virtual machines the agent will back up, and then 

click Done. We recommend using an account that has the Administrator role assigned. 

Otherwise, provide an account with the necessary privileges on the vCenter Server or ESXi. 

[Only when installing on a domain controller] Specify the user account under which the agent 

service will run, and then click Done. For security reasons, the setup program does not 

automatically create new accounts on a domain controller. 

If you kept the default registration method Use backup console in step 3, wait until the 

registration screen appears, and then proceed to the next step. Otherwise, no more actions are 

required. 


Do one of the following: 

e Click Register the machine. In the opened browser window, sign in to the Cyber Backup web 
console, review the registration details, and then click Confirm registration. 

e Click Show registration info. The setup program shows the registration link and the 
registration code. You can copy them and perform the registration steps on a different 
machine. In this case, you will need to enter the registration code in the registration form. The 


registration code is valid for one hour. 
Alternatively, you can access the registration form by clicking All devices > Add, scrolling down 
to Registration via code, and then clicking Register. 


9. Note 
Do not quit the setup program until you confirm the registration. To initiate the registration 
again, you will have to restart the setup program, and then click Register the machine. 


As aresult, the machine will be assigned to the account that was used to log in to the backup 
console. 


In Linux 


1. Ensure that the machine is connected to the Internet. 

2. Asthe root user, run the installation file. 
If a proxy server is enabled in your network, when running the file, specify the server host 
name/IP address and port in the following format: --http-proxy-host=ADDRESS --http-proxy- 
port=PORT --http-proxy-login=LOGIN--http-proxy-password=PASSWORD. 
If you want to change the default method of registering the machine in the backup service, run 
the installation file with one of the following parameters: 
e --register-with-credentials -to ask for a user name and password during the installation 
e --token=STRING -to use a registration token 
e --skip-registration -to skip the registration 

3. Select the check boxes for the agents that you want to install. The following agents are available: 
e Agent for Linux 
e Agent for Virtuozzo 
Agent for Virtuozzo cannot be installed without Agent for Linux. 

4. If you kept the default registration method in step 2, proceed to the next step. Otherwise, enter 
the user name and password for the backup service, or wait until the machine will be registered by 
using the token. 


5. Doone of the following: 

e Click Register the machine. In the opened browser window, sign in to the Cyber Backup web 
console, review the registration details, and then click Confirm registration. 

e Click Show registration info. The setup program shows the registration link and the 
registration code. You can copy them and perform the registration steps on a different 
machine. In this case, you will need to enter the registration code in the registration form. The 
registration code is valid for one hour. 

Alternatively, you can access the registration form by clicking All devices > Add, scrolling down 
to Registration via code, and then clicking Register. 


6. 


8. 


Note 
Do not quit the setup program until you confirm the registration. To initiate the registration 
again, you will have to restart the setup program and repeat the installation procedure. 


As aresult, the machine will be assigned to the account that was used to log in to the backup 
console. 

If UEFI Secure Boot is enabled on the machine, you are informed that you need to restart the 
system after the installation. Be sure to remember what password (the one of the root user or 
"acronis") should be used. 


Note 

During the installation, a new key is generated, used to sign the snapapi module, and registered 
as a Machine Owner Key (MOK). The restart is mandatory in order to enroll this key. Without 
enrolling the key, the agent will not be operational. If you enable UEFI Secure Boot after the agent 
installation, repeat the installation including step 6. 


After the installation completes, do one of the following: 
e Click Restart, if you were prompted to restart the system in the previous step. 


During the system restart, opt for MOK (Machine Owner Key) management, choose Enroll 
MOK, and then enroll the key by using the password recommended in the previous step. 


e Otherwise, click Exit. 


Troubleshooting information is provided in the file: 
/usr/lib/Acronis/BackupAndRecovery/HOWTO.INSTALL 


In macOS 
Ensure that the machine is connected to the Internet. 
Double-click the installation file (.dmg). 
Wait while the operating system mounts the installation disk image. 
Double-click Install. 
If a proxy server is enabled in your network, click Backup Agent in the menu bar, click Proxy 
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server settings, and then specify the proxy server host name/IP address, port, and credentials. 
If prompted, provide administrator credentials. 
Click Continue. 


Wait until the registration screen appears. 


Do one of the following: 

e Click Register the machine. In the opened browser window, sign in to the Cyber Backup web 
console, review the registration details, and then click Confirm registration. 

e Click Show registration info. The setup program shows the registration link and the 
registration code. You can copy them and perform the registration steps on a different 
machine. In this case, you will need to enter the registration code in the registration form. The 


registration code is valid for one hour. 
Alternatively, you can access the registration form by clicking All devices > Add, scrolling down 
to Registration via code, and then clicking Register. 


10. Tip Do not quit the setup program until you confirm the registration. To initiate the registration 
again, you will have to restart the setup program and repeat the installation procedure. 


As a result, the machine will be assigned to the account that was used to log in to the backup console. 


2.8 Deploying Agent for VMware (Virtual Appliance) from 
an OVF template 


2.8.1 Before you start 


System requirements for the agent 


By default, the virtual appliance is assigned 4 GB of RAM and 2 vCPUs, which is optimal and sufficient 
for most operations. We recommend increasing these resources to 8 GB of RAM and 4 vCPUs if the 
backup traffic bandwidth is expected to exceed 100 MB per second (for example, in 10-GBit 
networks), in order to improve backup performance. 


The appliance's own virtual disks occupy no more than 6 GB. Thick or thin disk format does not 
matter, it does not affect the appliance performance. 


How many agents do | need? 


Even though one virtual appliance is able to protect an entire vSphere environment, the best practice 
is deploying one virtual appliance per vSphere cluster (or per host, if there are no clusters). This makes 
for faster backups because the appliance can attach the backed-up disks by using the HotAdd 
transport, and therefore the backup traffic is directed from one local disk to another. 


It is normal to use both the virtual appliance and Agent for VMware (Windows) at the same time, as 
long as they are connected to the same vCenter Server or they are connected to different ESXi hosts. 
Avoid cases when one agent is connected to an ESXi directly and another agent is connected to the 
vCenter Server which manages this ESXi. 


We do not recommend using locally attached storage (i.e. storing backups on virtual disks added to 
the virtual appliance) if you have more than one agent. For more considerations, see "Using a locally 
attached storage". 


Disable automatic DRS for the agent 


If the virtual appliance is deployed to a vSphere cluster, be sure to disable automatic vMotion for it. In 
the cluster DRS settings, enable individual virtual machine automation levels, and then set 
Automation level for the virtual appliance to Disabled. 


2.8.2 Deploying the OVF template 


Location of the OVF tempate 


The OVF template consists of one .ovf file and two .vmdk files. 


In on-premises deployments 
After the management server is installed, the virtual appliance's OVF package is located in the folder 
%ProgramFiles%\Acronis\ESXAppliance (in Windows) or /usr/lib/Acronis/ESXAppliance (in 


Linux). 


In cloud deployments 
1. Click All devices > Add > VMware ESXi > Virtual Appliance (OVF). 


The .zip archive is downloaded to your machine. 


2. Unpack the .zip archive. 


Deploying the OVF template 


1. Ensure that the OVF template files files can be accessed from the machine running the vSphere 

Client. 

2. Start the vSphere Client and log on to the vCenter Server. 
3. Deploy the OVF template. 

e When configuring storage, select the shared datastore, if it exists. Thick or thin disk format does 
not matter, as it does not affect the appliance performance. 

e When configuring network connections in cloud deployments, be sure to select a network that 
allows an Internet connection, so that the agent can properly register itself in the cloud. When 
configuring network connections in on-premises deployments, select a network that includes 
the management server. 


2.8.3 Configuring the virtual appliance 


1. Starting the virtual appliance 
In the vSphere Client, display the Inventory, right-click the virtual appliance's name, and then 
select Power > Power On. Select the Console tab. 
2. Proxy server 
If a proxy server is enabled in your network: 
a. To start the command shell, press CTRL+SHIFT+F2 while in the virtual appliance UI. 
b. Open the file /etc/Acronis/Global.config in a text editor. 
c. Find the following section: 


<key name="HttpProxy"> 
<value name="Enabled" type="Tdword">"@"</value> 


<value name="Host" type="TString">"ADDRESS"</value> 

<value name="Port" type="Tdword">"PORT"</value> 

<value name="Login" type="TString">"LOGIN"</value> 

<value name="Password" type="TString">"PASSWORD"</value> 
</key> 


d. Replace @ with 1. 
e. Replace ADDRESS with the new proxy server host name/IP address, and PORT with the decimal 
value of the port number. 
f. If your proxy server requires authentication, replace LOGIN and PASSWORD with the proxy server 
credentials. Otherwise, delete these lines from the file. 
g. Save the file. 
h. Execute the reboot command. 
Otherwise, skip this step. 
3. Network settings 
The agent's network connection is configured automatically by using Dynamic Host Configuration 
Protocol (DHCP). To change the default configuration, under Agent options, in eth, click 
Change and specify the desired network settings. 
4. vCenter/ESX(i) 
Under Agent options, in vCenter/ESX(i), click Change and specify the vCenter Server name or 
IP address. The agent will be able to back up and recover any virtual machine managed by the 
vCenter Server. 


If you do not use a vCenter Server, specify the name or IP address of the ESXi host whose virtual 
machines you want to back up and recover. Normally, backups run faster when the agent backs 
up virtual machines hosted on its own host. 


Specify the credentials that the agent will use to connect to the vCenter Server or ESXi. We 
recommend using an account that has the Administrator role assigned. Otherwise, provide an 
account with the necessary privileges on the vCenter Server or ESXi. 
You can click Check connection to ensure the access credentials are correct. 
5. Management server 
a. Under Agent options, in Management Server, click Change. 
b. InServer name/IP, do one of the following: 
e Foran on-premises deployment, select Local. Specify the host name or IP address of the 
machine where the management server is installed. 
e For a cloud deployment, select Cloud. The software displays the Cyber Protection service 
address. Do not change this address unless instructed otherwise. 
c. InUser name and Password, do one of the following: 


e Foran on-premises deployment, specify the user name and password of a management 
server administrator. 


e For a cloud deployment, specify the user name and password for the Cyber Protection 
service. The agent and the virtual machines managed by the agent will be registered under 
this account. 


6. Time zone 


Under Virtual machine, in Time zone, click Change. Select the time zone of your location to 
ensure that the scheduled operations run at the appropriate time. 

[Optional] Local storages 

You can attach an additional disk to the virtual appliance so the Agent for VMware can back up to 
this locally attached storage. 


Add the disk by editing the settings of the virtual machine and click Refresh. The Create storage 
link becomes available. Click this link, select the disk, and then specify a label for it. 


2.8.4 Updating Agent for VMware (Virtual Appliance) 


In on-premises deployments, use the same update procedure as for other agents. 


In cloud deployments, use the following procedure. 


To update Agent for VMware (Virtual Appliance) in cloud deployments 


al 


Remove Agent for VMware (Virtual Appliance), as described in "Uninstalling the product". In step 5, 
delete the agent from Settings > Agents, even though you are planning to install the agent 
again. 

Deploy Agent for VMware (Virtual Appliance), as described in "Deploying the OVF template". 
Configure Agent for VMware (Virtual Appliance), as described in "Configuring the virtual 
appliance". 

If you want to reconstruct the locally attached storage, in step 7 do the following: 

a. Add the disk containing the local storage to the virtual appliance. 

b. Click Refresh > Create storage > Mount. 

c. The software displays the original Letter and Label of the disk. Do not change them. 

d. Click OK. 

As aresult, the backup plans that were applied to the old agent are re-applied automatically to the 
new agent. 

The plans with application-aware backup enabled require the guest OS credentials to be re- 
entered. Edit these plans and re-enter the credentials. 

The plans that back up ESXi configuration require the "root" password to be re-entered. Edit these 
plans and re-enter the password. 


2.9 Deploying agents through Group Policy 


You can centrally install (or deploy) Agent for Windows onto machines that are members of an Active 
Directory domain, by using Group Policy. 


In this section, you will find out how to set up a Group Policy object to deploy agents onto machines 
in an entire domain or in its organizational unit. 


Every time a machine logs on to the domain, the resulting Group Policy object will ensure that the 
agent is installed and registered. 


2.9.1 Prerequisites 
Before proceeding with agent deployment, ensure that: 


e You have an Active Directory domain with a domain controller running Microsoft Windows Server 
2003 or later. 

e You area member of the Domain Admins group in the domain. 

e You have downloaded the All agents for installation in Windows setup program. The 
download link is available on the Add devices page in the backup console. 


2.9.2 Step 1: Generating a registration token 


A registration token passes your identity to the setup program without storing your login and 
password for the backup console. This enables you to register any number of machines under your 
account. For more security, a token has limited lifetime. 


To generate a registration token 


1. Signin to the backup console by using the credentials of the account to which the machines 
should be assigned. 

Click All devices > Add. 

Scroll down to Registration token, and then click Generate. 


Specify the token lifetime, and then click Generate token. 


oy why 


Copy the token or write it down. Be sure to save the token if you need it for further use. 
You can click Manage active tokens to view and manage the already generated tokens. Please 
be aware that for security reasons, this table does not display full token values. 


2.9.3 Step 2: Creating the .mst transform and extracting the 
installation package 


1. Logonasan administrator on any machine in the domain. 

2. Create a shared folder that will contain the installation packages. Ensure that domain users can 
access the shared folder—for example, by leaving the default sharing settings for Everyone. 

3. Start the setup program. 

4. Click Create .mst and .msi files for unattended installation. 
Review or modify the installation settings that will be added to the .mst file. When specifying the 
method of connection to the management server, select Use a registration token, and then 
enter the token you generated. 

6. Click Proceed. 


7. 
8. 


In Save the files to, specify the path to the folder you created. 


Click Generate. 


As aresult, the .mst transform is generated and the .msi and .cab installation packages are extracted 
to the folder you created. 


2.9.4 Step 3: Setting up the Group Policy objects 


1. 


Log on to the domain controller as a domain administrator; if the domain has more than one 

domain controller, log on to any of them as a domain administrator. 

If you are planning to deploy the agent in an organizational unit, ensure that the organizational 

unit exists in the domain. Otherwise, skip this step. 

Inthe Start menu, point to Administrative Tools, and then click Active Directory Users and 

Computers (in Windows Server 2003) or Group Policy Management (in Windows Server 2008 

or later). 

In Windows Server 2003: 

e Right-click the name of the domain or organizational unit, and then click Properties. In the 
dialog box, click the Group Policy tab, and then click New. 

In Windows Server 2008 or later: 

e Right-click the name of the domain or organizational unit, and then click Create a GPO in this 
domain, and Link it here. 

Name the new Group Policy object Agent for Windows. 

Open the Agent for Windows Group Policy object for editing, as follows: 

e In Windows Server 2003, click the Group Policy object, and then click Edit. 

e In Windows Server 2008 or later, under Group Policy Objects, right-click the Group Policy 
object, and then click Edit. 

In the Group Policy object editor snap-in, expand Computer Configuration. 

In Windows Server 2003 and Windows Server 2008: 

e Expand Software Settings. 

In Windows Server 2012 or later: 

e Expand Policies > Software Settings. 

Right-click Software installation, then point to New, and then click Package. 

Select the agent's .msi installation package in the shared folder that you previously created, and 

then click Open. 

In the Deploy Software dialog box, click Advanced, and then click OK. 

On the Modifications tab, click Add, and then select the .mst transform that you previously 

created. 


Click OK to close the Deploy Software dialog box. 


2.10 Updating agents 


Prerequisites 


On Windows machines, Cyber Protect features require Microsoft Visual C++ 2017 Redistributable. 
Please ensure that it is already installed on your machine or install it before updating the agent. After 
the installation, a restart may be required. The Microsoft Visual C++ Redistributable package can be 
found here https://support.microsoft.com/help/2999226/update-for-universal-c-runtime-in- 


windows. 
To find the agent version, select the machine, and then click Details. 


You can update agents by using the Cyber Backup web console or by repeating their installation in 
any available way. To update multiple agents simultaneously, use the following procedure. 


To update agents by using the Cyber Backup web console 


1. [Only in on-premises deployments] Update the management server. 

2. [Only in on-premises deployments] Ensure that the installation packages are present on the 
machine with the management server. For the exact steps, refer to "Adding a machine running 
Windows" > "Installation packages". 

3. In theCyber Backup web console, Click Settings > Agents. 

The software displays the list of machines. The machines with outdated agent versions are 
marked with an orange exclamation mark. 

4. Select the machines that you want to update the agents on. The machines must be online. 
Click Update agent. 

[Only in on-premises deployments] The update progress is shown on the Activities tab. 


Note 
During the update, any backups that are in progress will fail. 


2.11 Uninstalling the product 


If you want to remove individual product components from a machine, run the setup program, 
choose to modify the product, and clear the selection of the components that you want to remove. 
The links to the setup programs are present on the Downloads page (click the account icon in the 
top-right corner > Downloads). 


If you want to remove all of the product components from a machine, follow the steps described 
below. 


Warning! 

In on-premises deployments, be careful not to uninstall the management server by mistake. The 
backup console will become unavailable. You will no longer be able to back up and recover the 
machines that are registered on this management server. 


2.11.1 In Windows 


1. Log on as an administrator. 

2. Goto Control panel, and then select Programs and Features (Add or Remove Programs in 
Windows XP) > Acronis Cyber Backup > Uninstall. 

3. [Optional] Select the Remove the logs and configuration settings check box. 
Keep this check box cleared if you are uninstalling an agent and are planning to install it again. If 
you select the check box, the machine may be duplicated in the backup console and the backups 
of the old machine may not be associated with the new machine. 

4. Confirm your decision. 
If you are planning to install the agent again, skip this step. Otherwise, in the backup console, click 
Settings > Agents, select the machine where the agent was installed, and then click Delete. 


2.11.2 In Linux 


1. Asthe root user, run /usr/lib/Acronis/BackupAndRecovery/uninstall/uninstall. 

2. [Optional] Select the Clean up all product traces (Remove the product's logs, tasks, 
vaults, and configuration settings) check box. 
Keep this check box cleared if you are uninstalling an agent and are planning to install it again. If 
you select the check box, the machine may be duplicated in the backup console and the backups 
of the old machine may not be associated with the new machine. 
Confirm your decision. 

4. Ifyou are planning to install the agent again, skip this step. Otherwise, in the backup console, click 
Settings > Agents, select the machine where the agent was installed, and then click Delete. 


2.11.3 In macOS 


Double-click the installation file (.dmg). 

Wait while the operating system mounts the installation disk image. 
Inside the image, double-click Uninstall. 

If prompted, provide administrator credentials. 


Confirm your decision. 
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If you are planning to install the agent again, skip this step. Otherwise, in the backup console, click 
Settings > Agents, select the machine where the agent was installed, and then click Delete. 


2.11.4 Removing Agent for VMware (Virtual Appliance) 


1. Start the vSphere Client and log on to the vCenter Server. 

2. If the virtual appliance (VA) is powered on, right-click it, and then click Power > Power Off. 
Confirm your decision. 

3. If the VA uses a locally attached storage on a virtual disk and you want to preserve data on that 
disk, do the following: 
a. Right-click the VA, and then click Edit Settings. 
b. Select the disk with the storage, and then click Remove. Under Removal Options, click 

Remove from virtual machine. 

c. Click OK. 
As aresult, the disk remains in the datastore. You can attach the disk to another VA. 

4. Right-click the VA, and then click Delete from Disk. Confirm your decision. 

5. If you are planning to install the agent again, skip this step. Otherwise, in the backup console, click 
Settings > Agents, select the virtual appliance, and then click Delete. 


3 Accessing the backup console 


To access the backup console, enter the login page address into the web browser address bar, and 
then sign in as described below. 


3.1 On-premises deployment 


The login page address is the IP address or name of the machine where the management server is 
installed. 


Both the HTTP and the HTTPS protocols are supported on the same TCP port, which can be 
configured during the management server installation. The default port is 9877. 


You can configure the management server to prohibit accessing the backup console via HTTP and to 
use a third-party SSL certificate. 


3.1.1 In Windows 


If the management server is installed in Windows, there are two ways to sign in to the backup 
console: 


e Click Sign in to sign in as the current Windows user. 
This is the easiest way to sign in from the same machine where the management server is installed. 
If the management server is installed on a different machine, this method works on the conditions 
that: 
o The machine you are signing in from is in the same Active Directory domain as the management 

server. 

o You are logged on as a domain user. 
We recommend configuring your web browser for Integrated Windows Authentication. Otherwise, 
the browser will ask for a user name and password. 


e Click Enter user name and password, and then specify the user name and password. 


In any case, your account must be in the list of the management server administrators. By default, 
this list contains the Administrators group on the machine running the management server. For 
more information, refer to "Administrators and units". 


3.1.2 In Linux 


If the management server is installed in Linux, specify the user name and password of an account 
that is in the list of the management server administrators. By default, this list contains only the root 
user on the machine running the management server. For more information, refer to "Administrators 
and units". 


3.2 Cloud deployment 


The login page address is https://backup.acronis.com/. The user name and password are those of 
your Acronis account. 


If your account was created by the backup administrator, you need to activate the account and set 
the password by clicking the link in your activation email. 


3.3 Changing the language 


When logged in, you can change the language of the web interface by clicking the account icon in the 
top-right corner. 


3.4 Configuring a web browser for Integrated Windows 
Authentication 


Integrated Windows Authentication is possible if you access the backup console from a machine 
running Windows and any supported browser. 


We recommend configuring your web browser for Integrated Windows Authentication. Otherwise, 
the browser will ask for a user name and password. 


3.4.1 Configuring Internet Explorer, Microsoft Edge, Opera, and 
Google Chrome 


If the machine running the browser is in the same Active Directory domain as the machine running 
the management server, add the console's login page to the list of Local intranet sites. 


Otherwise, add the console's login page to the list of Trusted sites and enable the Automatic 
logon with current user name and password setting. 


The step-by-step instructions are provided later in this section. Because these browsers use Windows 
settings, it is also possible to configure them by using Group Policy in an Active Directory domain. 


3.4.2 Configuring Mozilla Firefox 


In Firefox, navigate to the URL about: config, and then click the | accept the risk button. 
In the Search field, search for the network. negotiate-auth. trusted-uris preference. 
Double-click the preference, and then enter the address of the backup console login page. 


Repeat steps 2-3 for the network. automatic-ntlm-auth. trusted-uris preference. 


Se WO Na 


Close the about:config window. 


3.4.3 Adding the console to the list of local intranet sites 


1. Goto Control Panel > Internet Options. 
2. On the Security tab, select Local intranet. 


Security | Privacy | Content | Connections | Programs | Advanced | 


Select a zone to view or change security settings. 


@ @ y 9 


Internet Trusted sites Restricted 
sites 


ERTS 
; This zone is for all websites that are = 
found on your intranet. 


Security level for this zone 
Allowed levels for this zone: All 
j Medium-low 
- Appropriate for websites on your local network 
(intranet) 
Ea - Most content will be run without prompting you 


- Unsigned ActiveX controls will not be 
- Same as Medium level without prompts 


[V] Enable Protected Mode (requires restarting Internet Explorer) 


[x |] | Awy | 


3. Click Sites. 


4. In Add this website to the zone, enter the address of the backup console login page, and then 
click Add. 
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You can add and remove websites from this zone. All websites in 
this zone will use the zone's security settings. 


Add this website to the zone: 
Websites: 

10.250. 147.79 

hep: //system 


http: //localhost 
https: //localhost 


[_] Require server verification (https:) for all sites in this zone 


5. Click Close. 
6. Click OK. 


3.4.4 Adding the console to the list of trusted sites 


1. Goto Control Panel > Internet Options. 
2. On the Security tab, select Trusted sites, and then click Custom Level. 
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|General | Security 


Select a zone to view or change security settings. 


@ &@ y 9 


Internet Local intranet MSAA Restricted 
sites 


aaie 
This zone contains websites that you 
trust not to damage your computer or 


your files, 
You have websites in this zone. 


Security level For this zone 
Allowed levels For this zone: All 


Medium 


- Prompts before downloading potentially unsafe 
content 
EE) - Unsigned ActiveX controls will not be downloaded 


[_] Enable Protected Mode (requires restarting Internet Explorer) 


Custom level... | Default level | 
Reset all zones to default level 


3. Under Logon, select Automatic logon with current user name and password, and then click 
OK. 
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Settings 


© Disable 
@® Enable 

=) Enable x55 filter 
© Disable 
@® Enable 

g) Scripting of Java applets 
© Disable 
@ Enable 
© Prompt 

Bè, User Authentication 

2, Logon 
O Anonymous logon 
© Automatic logon only in Intranet zone 

Automatic logon with current user name and password 

O Prompt for user name and password 


<| m 


*Takes effect after you restart your computer 


Reset custom settings 


Reset to: | Medium (default) w 


4. On the Security tab, with Trusted sites still selected, click Sites. 


5. In Add this website to the zone, enter the address of the backup console login page, and then 
click Add. 
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You can add and remove websites from this zone. All websites in 
this zone will use the zone's security settings. 


Add this website to the zone: 
http://ams.server.corp.com| 


Websites: 
http: /* update. microsoft.com Remove 
http: *. windowsupdate.com 

http: //*. windowsupdate. microsoft.com 
http: /fgo.microsoft.com 


bec. Jo. de ~~: -- CL ~~ ~~ 


v 


[_] Require server verification (https:) For all sites in this zone 


Close 


6. Click Close. 
7. Click OK. 


3.5 Changing the SSL certificate settings 


This section describes how to change the self-signed Secure Socket Layer (SSL) certificate generated 
by the management server to a certificate issued by a trusted certificate authority, such as GoDaddy, 
Comodo, or GlobalSign. If you do this, the certificate used by the management server will be trusted 
on any machine. The browser security alert will not appear when logging in to the backup console by 
using the HTTPS protocol. 


Optionally, you can configure the management server to prohibit accessing the backup console via 
HTTP, by redirecting all users to HTTPS. 


To change the SSL certificate settings 


1. Ensure that you have all of the following: 
e The certificate file (.pem, .cert, or other format) 
e The file with the private key for the certificate (usually .key) 
e The private key passphrase, if the key is encrypted 
2. Copy the files to the machine running the management server. 
3. On this machine, open the following configuration file with a text editor: 
e In Windows: %ProgramData%\Acronis\ApiGateway\api_gateway.json 
e In Linux: /var/lib/Acronis/ApiGateway/api_gateway.json 
4. Locate the following section: 


Hgts T 
"cert_file": "cert.pem", 
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10. 


"key_file": "key.pem", 
"passphrase": "" 
"auto_redirect": false 


Between the quotation marks in the "cert_file" line, specify the full path to the certificate file. 
For example: 


e In Windows (note the forward slashes): "cert_file": "C:/certificate/local- 


domain.ams.cert" 
e In Linux: "cert_file": "/home/user/local-domain.ams.cert" 
Between the quotation marks in the "key_file" line, specify the full path to the private key file. 
For example: 
e In Windows (note the forward slashes): "key_file": "C:/certificate/private.key" 
e In Linux: "key_file": "/home/user/private.key" 


If the private key is encrypted, between the quotation marks in the "passphrase" line, specify the 
private key passphrase. For example: "passphrase": "my secret passphrase" 

If you want to prohibit accessing the backup console via HTTP, by redirecting all users to HTTPS, 
change the "auto_redirect" value from false to true. Otherwise, skip this step. 


Save the api_gateway.json file. 


Important 
Please be careful and do not accidentally delete any commas, brackets, and quotation marks in 
the configuration file. 


Restart Acronis Service Manager Service as described below. 


To restart Acronis Service Manager Service in Windows 


k 


In the Start menu, click Run, and then type: cmd 
Click OK. 
Run the following commands: 


net stop asm 
net start asm 


To restart Acronis Service Manager Service in Linux 


ule 
2. 


Open Terminal. 


Run the following command in any directory: 


sudo service acronis_asm restart 


4 Backup console view 


The backup console has two views: a simple view and a table view. To switch between the views, click 
the corresponding icon in the top right corner. 


The simple view supports a small number of machines. 


All devices ADD © © 


st1.localdomain $3 
bh Status Last backup Next backup 
Not protected Sep 22, 2016, 09:07 PM Sep 26, 2016, 08:00 PM 
NEW_CT aE 


Status Last backup Next backup 
d Not protected Sep 25, 2016, 09:00 PM Sep 26, 2016, 08:00 PM 
BACK UP NOW v RECOVER 


new-TEST BB 


(wal Status Last backup Next ba 
Not protected — — 


The table view is enabled automatically when the number of machines becomes large. 


All devices |a | © ® 
Q Search X% Backup 
Type Name Status ® Last back 
yp si & & Recovery 
st1.localdomain © ok Jun22 11:39AM 
am Overview 
Me onewo ©) Not protected Sep 22 09:07 PM 
= 
iz] new-TEST Ñ) Not protected Sep 25 09:00 PM © Activities 
= 
z test-01 Ñ) Not protected Never © 
z Alerts 


Both views provide access to the same features and operations. This document describes access to 
operations from the table view. 
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5 Backup 


A backup plan is a set of rules that specify how the given data will be protected on a given machine. 


A backup plan can be applied to multiple machines at the time of its creation, or later. 


Note 

In on-premises deployments, if only the Standard licenses are present on the management server, a 
backup plan cannot be applied to multiple physical machines. Each physical machine must have its 
own backup plan. 


To create the first backup plan 


1. Select the machines that you want to back up. 
2. Click Backup. 
The software displays a new backup plan template. 


New backup plan $ 3 
HAT TO BACI Entire machine v 

JHERE TO BACK UF Specify 
HEDULE Monday to Friday at 11:00 PM 


IG TO KEEP Monthly: 6 months 
Weekly: 4 weeks 
Daily: 7 days 


ENCRYPTIO! @_) off ® 
ERT TO VM Disabled 


Disabled 


CREATE 


3. [Optional] To modify the backup plan name, click the default name. 
4. [Optional] To modify the plan parameters, click the corresponding section of the backup plan 
panel. 
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5. [Optional] To modify the backup options, click the gear icon. 
6. Click Create. 


To apply an existing backup plan 


1. Select the machines that you want to back up. 


2. Click Backup. If acommon backup plan is already applied to the selected machines, click Add 
backup plan. 


The software displays previously created backup plans. 


<_ Back to applied backup plans 


Create new 


1st plan v 


2nd plan v 


3. Select a backup plan to apply. 
4. Click Apply. 


5.1 Backup plan cheat sheet 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


The following table summarizes the available backup plan parameters. Use the table to create a 
backup plan that best fits your needs. 


WHAT TO BACK | ITEMS TO WHERE TO BACK SCHEDULE HOW LONG TO 


UP BACK UP UP KEEP 
Backup schemes 


Selection 


(not for Cloud) 
methods 


Always incremental (Single- 
file)* 


Direct Cloud By backup age 


Disks/volumes selection Local folder (single rule/per 


(physical Always full backup set) 


Policy rules 
machines) y Network folder 


Weekly full, Daily By number of 
incremental backups 


File filters SFTP server* 


Disks/volumes 
(virtual 
machines) 


Files 
(physical 
machines only) 


ESXi 
configuration 


System state 
(in cloud 
deployments 
only) 


SQL databases 
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Policy rules 


File filters 


Direct 
selection 


Policy rules 


File filters 


Direct 
selection 


Direct 
selection 


Direct 
selection 


NFS* 
Secure Zone* 


Managed 
location* 


Tape device* 


Cloud 

Local folder 
Network folder 
SFTP server* 
NFS* 


Managed 
location* 


Tape device* 
Cloud 

Local folder* 
Network folder* 
SFTP server* 
NFS* 

Secure Zone* 


Managed 
location* 


Tape device* 
Local folder 
Network folder 
SFTP server 
NFS* 

Cloud 

Local folder 
Network folder 
Cloud 

Local folder 


Network folder 


Monthly full, Weekly 
differential, Daily 
incremental (GFS) 


Custom (F-D-1) 


By total size of 


Always full backups* 


Weekly full, Daily 
incremental 


Keep indefinitely 


Monthly full, Weekly 


differential, Daily 


incremental (GFS) 


Always incremental (Single- 
file)* 


Custom (F-D-1) 


Always full 
Weekly full, daily incremental 


Custom (F-I) 
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Managed 


location* 


Exchange Direct Tape device 


databases selection 


Exchange Direct 
mailboxes selection 


Cloud 


Local folder 


Always incremental (Single- 
Network folder file) 


Wanagsa By backup age 
i * 

nev (single rule/per 
Office 365 Direct backup set) 
mailboxes selection By number of 


backups 


Keep indefinitely 


* See the limitations below. 
5.1.1 Limitations 


SFTP server and tape device 


e These locations cannot be a destination for backups of machines running macos. 
e These locations cannot be a destination for application-aware backups. 


e The Always incremental (single-file) backup scheme is not available when backing up to these 
locations. 


e The By total size of backups retention rule is not available for these locations. 


NFS 


e Backup to NFS shares is not available in Windows. 
e The Always incremental (single-file) backup scheme for Files (physical machines) is not 
available when backing up to NFS shares. 


Secure Zone 


e Secure Zone cannot be created ona Mac. 
e The Always incremental (single-file) backup scheme for Files (physical machines) is not 
available when backing up to Secure Zone. 


Managed location 


e A managed location with enabled deduplication or encryption cannot be selected as the 
destination: 


o Ifthe backup scheme is set to Always incremental (single-file) 
o Ifthe backup format is set to Version 12 
o For disk-level backups of machines running macOS 
o For backups of Exchange mailboxes and Office 365 mailboxes. 
e The By total size of backups retention rule is not available for a managed location with enabled 
deduplication. 


Always incremental (single-file) 


e The Always incremental (single-file) backup scheme is not available when backing up to an 
SFTP server or a tape device. 

e The Always incremental (single-file) backup scheme for Files (physical machines) is available 
only when the primary backup location is Acronis Cloud. 


By total size of backups 


e The By total size of backups retention rule is not available: 
o Ifthe backup scheme is set to Always incremental (single-file) 
o When backing up to an SFTP server, a tape device, or a managed location with enabled 
deduplication. 


5.2 Selecting data to back up 


5.2.1 Selecting files/folders 


File-level backup is available for physical machines and virtual machines backed up by an agent 
installed in the guest system. 


A file-level backup is not sufficient for recovery of the operating system. Choose file backup if you 
plan to protect only certain data (the current project, for example). This will reduce the backup size, 
thus saving storage space. 


There are two ways of selecting files: directly on each machine or by using policy rules. Either method 
allows you to further refine the selection by setting the file filters. 


Direct selection 


1. In What to back up, select Files/folders. 
2. Click Items to back up. 
3. In Select items for backup, select Directly. 
4. For each of the machines included in the backup plan: 
a. Click Select files and folders. 
b. Click Local folder or Network folder. 
The share must be accessible from the selected machine. 


c. Browse to the required files/folders or enter the path and click the arrow button. If prompted, 
specify the user name and password for the shared folder. 


Backing up a folder with anonymous access is not supported. 
d. Select the required files/folders. 


e. Click Done. 


Using policy rules 


In What to back up, select Files/folders. 
Click Items to back up. 


In Select items for backup, select Using policy rules. 


e wh a 


Select any of the predefined rules, type your own rules, or combine both. 


The policy rules will be applied to all of the machines included in the backup plan. If no data 
meeting at least one of the rules is found on a machine when the backup starts, the backup will 
fail on that machine. 


5. Click Done. 


Selection rules for Windows 


e Full path to a file or folder, for example D:\Work\Text.doc or C:\Windows. 
e Templates: 
o [All Files] selects all files on all volumes of the machine. 
o [All Profiles Folder] selects the folder where all user profiles are located (typically, C:\Users 
or C:\Documents and Settings). 
e Environment variables: 
o %ALLUSERSPROFILE% selects the folder where the common data of all user profiles is located 
(typically, C:\ProgramData or C:\Documents and Settings\All Users). 


o %PROGRAMFILES% selects the Program Files folder (for example, C:\Program Files). 
o %WINDIR% selects the folder where Windows is located (for example, C:\Windows). 


You can use other environment variables or a combination of environment variables and text. For 
example, to select the Java folder in the Program Files folder, type: Y7PROGRAMFILES%\Java. 


Selection rules for Linux 

e Full path to a file or directory. For example, to back up file.txt on the volume /dev/hda3 
mounted on /home/usr/docs, specify /dev/hda3/file.txt or /home/usr/docs/file.txt. 
o /home selects the home directory of the common users. 
o /root selects the root user's home directory. 
o /usr selects the directory for all user-related programs. 
o /etc selects the directory for system configuration files. 

e Templates: 


o [All Profiles Folder] selects /home. This is the folder where all user profiles are located by 
default. 


Selection rules for macOS 


e Full path to a file or directory. 
e Templates: 


o [All Profiles Folder] selects /Users. This is the folder where all user profiles are located by 
default. 


Examples: 


e To back up file.txt on your desktop, specify /Users/<username>/Desktop/file.txt, where 
<username> is your user name. 


e To back up all users' home directories, specify /Users. 


e To back up the directory where the applications are installed, specify /Applications. 


5.2.2 Selecting system state 

System state backup is available for machines running Windows Vista and later. 
To back up system state, in What to back up, select System state. 

Asystem state backup is comprised of the following files: 


e Task scheduler configuration 

e VSS Metadata Store 

e Performance counter configuration information 
e MSSearch Service 

e Background Intelligent Transfer Service (BITS) 

e The registry 


e Windows Management Instrumentation (WMI) 


e Component Services Class registration database 


5.2.3 Selecting disks/volumes 


A disk-level backup contains a copy of a disk or a volume in a packaged form. You can recover 
individual disks, volumes, or files from a disk-level backup. 


A backup of an entire machine is a backup of all its non-removable disks. 


There are two ways of selecting disks/volumes: directly on each machine or by using policy rules. You 
can exclude files from a disk backup by setting the file filters. 


Direct selection 


Direct selection is available only for physical machines. To enable direct selection of disks and 
volumes in a virtual machine, you must install the Cyber Protection agent in its guest operating 
system. 


1. In What to back up, select Disks/volumes. 
2. Click Items to back up. 

3. In Select items for backup, select Directly. 
4 


For each of the machines included in the backup plan, select the check boxes next to the disks or 
volumes to back up. 


5. Click Done. 


Using policy rules 


1. In What to back up, select Disks/volumes. 

2. Click Items to back up. 

3. In Select items for backup, select Using policy rules. 

4. Select any of the predefined rules, type your own rules, or combine both. 


The policy rules will be applied to all of the machines included in the backup plan. If no data 
meeting at least one of the rules is found on a machine when the backup starts, the backup will 
fail on that machine. 


5. Click Done. 


Rules for Windows, Linux, and macOS 


e [All Volumes] selects all volumes on machines running Windows and all mounted volumes on 
machines running Linux or macOS. 


Rules for Windows 


e Drive letter (for example C:\) selects the volume with the specified drive letter. 


e [Fixed Volumes (physical machines) ] selects all volumes of physical machines, other than 
removable media. Fixed volumes include volumes on SCSI, ATAPI, ATA, SSA, SAS, and SATA devices, 
and on RAID arrays. 

e [BOOT+SYSTEM] selects the system and boot volumes. This combination is the minimal set of data 
that ensures recovery of the operating system from the backup. 

e [Disk 1] selects the first disk of the machine, including all volumes on that disk. To select another 
disk, type the corresponding number. 


Rules for Linux 


e /dev/hdal selects the first volume on the first IDE hard disk. 
e /dev/sdal selects the first volume on the first SCSI hard disk. 
e /dev/md1 selects the first software RAID hard disk. 


To select other basic volumes, specify /dev/xdyN, where: 


e "x" corresponds to the disk type 
e "y" corresponds to the disk number (a for the first disk, b for the second disk, and so on) 


e "N" isthe volume number. 


To select a logical volume, specify its path as it appears after running the 1s /dev/mapper command 
under the root account. For example: 


[root@localhost ~]# ls /dev/mapper/ 
control vg_1-lv1 vg_1-lv2 


This output shows two logical volumes, lv1 and Iv2, that belong to the volume group vg_1. To back 
up these volumes, enter: 


/dev/mapper/vg_1-lv1 
/dev/mapper/vg-1-1lv2 


Rules for macOS 


e [Disk 1] Selects the first disk of the machine, including all volumes on that disk. To select another 
disk, type the corresponding number. 


What does a disk or volume backup store? 


A disk or volume backup stores a disk or avolume file system as a whole and includes all of the 
information necessary for the operating system to boot. It is possible to recover disks or volumes as 
a whole from such backups as well as individual folders or files. 


With the sector-by-sector (raw mode) backup option enabled, a disk backup stores all the disk 
sectors. The sector-by-sector backup can be used for backing up disks with unrecognized or 
unsupported file systems and other proprietary data formats. 


Windows 


Avolume backup stores all files and folders of the selected volume independent of their attributes 
(including hidden and system files), the boot record, the file allocation table (FAT) if it exists, the root 
and the zero track of the hard disk with the master boot record (MBR). 


A disk backup stores all volumes of the selected disk (including hidden volumes such as the vendor's 
maintenance partitions) and the zero track with the master boot record. 


The following items are not included in a disk or volume backup (as well as in a file-level backup): 


The swap file (pagefile.sys) and the file that keeps the RAM content when the machine goes into 
hibernation (hiberfil.sys). After recovery, the files will be re-created in the appropriate place with 
the zero size. 

If the backup is performed under the operating system (as opposed to bootable media or backing 

up virtual machines at a hypervisor level): 

o Windows shadow storage. The path to it is determined in the registry value VSS Default 
Provider which can be found in the registry key HKEY_LOCAL_ 
MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup. This 
means that in operating systems starting with Windows Vista, Windows Restore Points are not 
backed up. 


o Ifthe Volume Shadow Copy Service (VSS) backup option is enabled, files and folders that are 


specified in the HKEY_LOCAL_ 


MACHINE\SYSTEM\CurrentControlSet\Control\ BackupRestore\FilesNotToSnapshot 
registry key. 


Linux 


Avolume backup stores all files and directories of the selected volume independent of their 
attributes, a boot record, and the file system super block. 


A disk backup stores all disk volumes as well as the zero track with the master boot record. 


Mac 


A disk or volume backup stores all files and directories of the selected disk or volume, plus a 
description of the volume layout. 


The following items are excluded: 


e System metadata, such as the file system journal and Spotlight index 
e The Trash 


e Time machine backups 


Physically, disks and volumes on a Mac are backed up at a file level. Bare metal recovery from disk 
and volume backups is possible, but the sector-by-sector backup mode is not available. 


5.2.4 Selecting ESXi configuration 


A backup of an ESXi host configuration enables you to recover an ESXi host to bare metal. The 
recovery is performed under bootable media. 


The virtual machines running on the host are not included in the backup. They can be backed up and 
recovered separately. 


A backup of an ESXi host configuration includes: 


e The bootloader and boot bank partitions of the host. 

e The host state (configuration of virtual networking and storage, SSL keys, server network settings, 
and local user information). 

e Extensions and patches installed or staged on the host. 


e Log files. 


Prerequisites 


e SSH must be enabled in the Security Profile of the ESXi host configuration. 


e You must know the password for the 'root' account on the ESXi host. 


Limitations 


e ESXi configuration backup is not supported for VMware vSphere 6.7 and 7.0. 


e An ESXi configuration cannot be backed up to the cloud storage. 
To select an ESXi configuration 


1. Click Devices > All devices, and then select the ESXi hosts that you want to back up. 

2. Click Backup. 

3. In What to back up, select ESXi configuration. 

4. In ESXi 'root' password, specify a password for the 'root' account on each of the selected hosts 
or apply the same password to all of the hosts. 


5.3 Selecting a destination 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


To select a backup location 


1. Click Where to back up. 
2. Do one of the following: 
e Select a previously used or predefined backup location 


e Click Add location, and then specify a new backup location. 


5.3.1 Supported locations 


e Cloud storage 
Backups will be stored in the cloud data center. 

e Local folder 
If a single machine is selected, browse to a folder on the selected machine or type the folder path. 
If multiple machines are selected, type the folder path. Backups will be stored in this folder on each 
of the selected physical machines or on the machine where the agent for virtual machines is 
installed. If the folder does not exist, it will be created. 


e Network folder 
This is a folder shared via SMB/CIFS/DFS. 
Browse to the required shared folder or enter the path in the following format: 
o For SMB/CIFS shares: \\<host name>\<path>\ or smb: //<host name>/<path>/ 
o For DFS shares: \\<full DNS domain name>\<DFS root>\<path> 

For example, \\example . company . com\shared\ files 

Then, click the arrow button. If prompted, specify the user name and password for the shared 
folder. You can change these credentials at any time by clicking the key icon next to the folder 
name. 
Backing up to a folder with anonymous access is not supported. 

e Acronis Cyber Infrastructure 
Acronis Cyber Infrastructure can be used as highly reliable software-defined storage with data 
redundancy and automatic self-healing. The storage can be configured as a gateway for storing 
backups in Microsoft Azure or in one of a variety of storage solutions compatible with S3 or Swift. 
The storage can also employ the NFS back-end. For more information, refer to "About Acronis 
Cyber Infrastructure". 


e NFS folder (available for machines running Linux or macOS) 
Browse to the required NFS folder or enter the path in the following format: 
nfs://<host name>/<exported folder>:/<subfolder> 
Then, click the arrow button. 
It is not possible to back up to an NFS folder protected with a password. 
e Secure Zone (available if it is present on each of the selected machines) 
Secure Zone is a secure partition on a disk of the backed-up machine. This partition has to be 
created manually prior to configuring a backup. For information about how to create Secure Zone, 
its advantages and limitations, refer to "About Secure Zone". 
e SFTP 
Type the SFTP server name or address. The following notations are supported: 
sftp://<server> 
sftp: //<server>/<folder> 
After entering the user name and password, you can browse the server folders. 


In either notation, you can also specify the port, user name, and password: 


sftp://<server>:<port>/<folder> 

sftp://<user name>@<server>:<port>/<folder> 

sftp://<user name>:<password>@<server>:<port>/<folder> 

If the port number is not specified, port 22 is used. 

Users, for whom SFTP access with no password is configured, cannot back up to SFTP. 


Backing up to FTP servers is not supported. 


5.3.2 Advanced storage options 


Note 
This functionality is available only with the Acronis Cyber Backup Advanced license. 


Defined by a script (available for machines running Windows) 


You can store each machine's backups in a folder defined by a script. The software supports scripts 
written in JScript, VBScript, or Python 3.5. When deploying the backup plan, the software runs the 
script on each machine. The script output for each machine should be a local or network folder path. 
If a folder does not exist, it will be created (limitation: scripts written in Python cannot create folders 
on network shares). On the Backups tab, each folder is shown as a separate backup location. 


In Script type, select the script type (JScript, VBScript, or Python), and then import, or copy and 
paste the script. For network folders, specify the access credentials with the read/write permissions. 


Example. The following JScript script outputs the backup location for a machine in the format 


\\bkpsrv\<machine name>: 


WScript.echo("\\\\bkpsrv\\" + WScript.CreateObject 
C"WScript.Network").ComputerName) ; 


As a result, the backups of each machine will be saved in a folder of the same name on the server 
bkpsrv. 


e Storage node 
A storage node is a server designed to optimize the usage of various resources (such as the 
corporate storage capacity, the network bandwidth, and the production servers’ CPU load) that are 
required to protect enterprise data. This goal is achieved by organizing and managing the locations 
that serve as dedicated storages of the enterprise backups (managed locations). 
You can select a previously created location or create a new one by clicking Add location > 
Storage node. For information about the settings, refer to "Adding a managed location". 
You may be prompted to specify the user name and password for the storage node. Members of 
the following Windows groups on the machine where a storage node is installed have access to all 
managed locations on the storage node: 
o Administrators 


o Acronis ASN Remote Users 


This group is created automatically when the storage node is installed. By default, this group is 
empty. You can add users to this group manually. 
e Tape 
If atape device is attached to the backed-up machine or to a storage node, the location list shows 
the default tape pool. This pool is created automatically. 
You can select the default pool or create a new one by clicking Add location > Tape. For 
information about pool settings, refer to "Creating a pool". 


5.3.3 About Secure Zone 


Secure Zone is a secure partition on a disk of the backed-up machine. It can store backups of disks or 
files of this machine. 


Should the disk experience a physical failure, the backups located in the Secure Zone may be lost. 
That's why Secure Zone should not be the only location where a backup is stored. In enterprise 
environments, Secure Zone can be thought of as an intermediate location used for backup when an 
ordinary location is temporarily unavailable or connected through a slow or busy channel. 


Why use Secure Zone? 
Secure Zone: 


e Enables recovery of a disk to the same disk where the disk's backup resides. 

e Offers a cost-effective and handy method for protecting data from software malfunction, virus 
attack, human error. 

e Eliminates the need for a separate media or network connection to back up or recover the data. 
This is especially useful for roaming users. 


e Can serve as a primary destination when using replication of backups. 


Limitations 


e Secure Zone cannot be organized on a Mac. 

e Secure Zone is a partition on a basic disk. It cannot be organized on a dynamic disk or created as a 
logical volume (managed by LVM). 

e Secure Zone is formatted with the FAT32 file system. Because FAT32 has a 4-GB file size limit, 
larger backups are split when saved to Secure Zone. This does not affect the recovery procedure 
and speed. 


e Secure Zone does not support the single-file backup format!. When you change the destination to 
Secure Zone in a backup plan that has the Always incremental (Single-file) backup scheme, the 
scheme is changed to Weekly full, daily incremental. 


How creating Secure Zone transforms the disk 


e Secure Zone is always created at the end of the hard disk. 

e If there is no or not enough unallocated space at the end of the disk, but there is unallocated space 
between volumes, the volumes will be moved to add more unallocated space to the end of the 
disk. 

e When all unallocated space is collected but it is still not enough, the software will take free space 
from the volumes you select, proportionally reducing the volumes' size. 

e However, there should be free space on a volume, so that the operating system and applications 
can operate; for example, create temporary files. The software will not decrease a volume where 
free space is or becomes less than 25 percent of the total volume size. Only when all volumes on 
the disk have 25 percent or less free space, will the software continue decreasing the volumes 
proportionally. 


As is apparent from the above, specifying the maximum possible Secure Zone size is not advisable. 
You will end up with no free space on any volume, which might cause the operating system or 
applications to work unstably and even fail to start. 


Important 
Moving or resizing the volume from which the system is booted requires a reboot. 


How to create Secure Zone 


1. Select the machine that you want to create Secure Zone on. 

2. Click Details > Create Secure Zone . 
Under Secure Zone disk, click Select, and then select a hard disk (if several) on which to create 
the zone. 
The software calculates the maximum possible size of Secure Zone. 

4. Enter the Secure Zone size or drag the slider to select any size between the minimum and the 
maximum ones. 
The minimum size is approximately 50 MB, depending on the geometry of the hard disk. The 
maximum size is equal to the disk's unallocated space plus the total free space on all of the disk's 
volumes. 


1A new backup format, in which the initial full and subsequent incremental backups are saved to a single .tib file, 
instead of a chain of files. This format leverages the speed of the incremental backup method, while avoiding its 
main disadvantage-difficult deletion of outdated backups. The software marks the blocks used by outdated backups 
as "free" and writes new backups to these blocks. This results in extremely fast cleanup, with minimal resource 
consumption. The single-file backup format is not available when backing up to locations that do not support 
random-access reads and writes, for example, SFTP servers. 


5. Ifall unallocated space is not enough for the size you specified, the software will take free space 
from the existing volumes. By default, all volumes are selected. If you want to exclude some 
volumes, click Select volumes. Otherwise, skip this step. 


X Create Secure Zone 


Secure Zone disk 


æ Disk 1, 60.0 GB 


Maximum possible size of Secure Zone: 35.9 GB 


Secure Zone size: 
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There is not enough unallocated space. Free space will be taken 
from all volumes where it is present. 


Select volumes 


Password protection 


@_) off 


6. [Optional] Enable the Password protection switch and specify a password. 
The password will be required to access the backups located in Secure Zone. Backing up to Secure 
Zone does not require a password, unless the backup if performed under bootable media. 

7. Click Create. 
The software displays the expected partition layout. Click OK. 


8. Wait while the software creates Secure Zone. 


You can now choose Secure Zone in Where to back up when creating a backup plan. 


How to delete Secure Zone 


1. Select a machine with Secure Zone. 

2. Click Details. 

3. Click the gear icon next to Secure Zone , and then click Delete. 

4. [Optional] Specify the volumes to which the space freed from the zone will be added. By default, 
all volumes are selected. 
The space will be distributed equally among the selected volumes. If you do not select any 
volumes, the freed space will become unallocated. 
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Resizing the volume from which the system is booted requires a reboot. 
5. Click Delete. 


As aresult, Secure Zone will be deleted along with all backups stored in it. 


5.3.4 About Acronis Cyber Infrastructure 


Acronis Cyber Backup 12.5, starting with Update 2, supports integration with Acronis Storage 2.3 or 
its later versions named Acronis Cyber Infrastructure. 


Deployment 


In order to use Acronis Cyber Infrastructure, deploy it on bare metal on your premises. At least five 
physical servers are recommended to take full advantage of the product. If you only need the 
gateway functionality, you can use one physical or virtual server, or configure a gateway cluster with 
as many servers as you want. 


Ensure that the time settings are synchronized between the management server and Acronis Cyber 
Infrastructure. The time settings for Acronis Cyber Infrastructure can be configured during 
deployment. Time synchronization via Network Time Protocol (NTP) is enabled by default. 


You can deploy several instances of Acronis Cyber Infrastructure and register them on the same 
management server. 


Registration 


The registration is performed in the Acronis Cyber Infrastructure web interface. Acronis Cyber 
Infrastructure can be registered only by organization administrators and only in the organization. 
Once registered, the storage becomes available to all of the organization units. It can be added as a 
backup location to any unit or to the organization. 


The reverse operation (deregistration) is performed in the Acronis Cyber Backup interface. Click 
Settings > Storage nodes, click the required Acronis Cyber Infrastructure, and then click Delete. 


Adding a backup location 


Only one backup location on each Acronis Cyber Infrastructure instance can be added to a unit or 
organization. A location added at a unit level is available to this unit and to the organization 
administrators. A location added at the organization level is available only to the organization 
administrators. 


When adding a location, you create and enter its name. Should you need to add an existing location 
to anew or different management server, select the Use an existing location... check box, click 
Browse, and then select the location from the list. 


If several instances of Acronis Cyber Infrastructure are registered on the management server, it is 
possible to select an Cyber Infrastructure instance when adding a location. 


Backup schemes, operations, and limitations 


Direct access to Acronis Cyber Infrastructure from bootable media is not available. To work with 
Acronis Cyber Infrastructure, register the media on the management server and manage it via the 
backup console. 


Access to Acronis Cyber Infrastructure via the command-line interface is not available. 


Interms of available backup schemes and operations with backups, Acronis Cyber Infrastructure is 
similar to the cloud storage. The only difference is that backups can be replicated from Acronis Cyber 
Infrastructure during execution of a backup plan. 


Documentation 


The full set of the Acronis Cyber Infrastructure documentation is available on the Acronis web site. 


5.4 Schedule 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


The schedule employs the time settings (including the time zone) of the operating system where the 
agent installed. The time zone of Agent for VMware (Virtual Appliance) can be configured in the 
agent's interface. 


For example, if a backup plan is scheduled to run at 21:00 and applied to several machines located in 
different time zones, the backup will start on each machine at 21:00 local time. 


The scheduling parameters depend on the backup destination. 


5.4.1 When backing up to cloud storage 


By default, backups are performed on a daily basis, Monday to Friday. You can select the time to run 
the backup. 


If you want to change the backup frequency, move the slider, and then specify the backup schedule. 
You can schedule the backup to run by events, instead of by time. To do this, select the event type in 


the schedule selector. For more information, refer to "Schedule by events". 


Important 
The first backup is full, which means that it is the most time-consuming. All subsequent backups are 
incremental and take significantly less time. 


5.4.2 When backing up to other locations 


You can choose one of the predefined backup schemes or create a custom scheme. A backup scheme 
is a part of the backup plan that includes the backup schedule and the backup methods. 


In Backup scheme, select one of the following: 


[Only for disk-level backups] Always incremental (single-file) 

By default, backups are performed on a daily basis, Monday to Friday. You can select the time to 
run the backup. 

If you want to change the backup frequency, move the slider, and then specify the backup 
schedule. 

The backups use the new single-file backup format!. 

This scheme is not available when backing up to a tape device, an SFTP server, or Secure Zone. 
Always full 


By default, backups are performed on a daily basis, Monday to Friday. You can select the time to 
run the backup. 

If you want to change the backup frequency, move the slider, and then specify the backup 
schedule. 

All backups are full. 

Weekly full, Daily incremental 

By default, backups are performed on a daily basis, Monday to Friday. You can modify the days of 
the week and the time to run the backup. 

A full backup is created once a week. All other backups are incremental. The day on which the full 
backup is created depends on the Weekly backup option (click the gear icon, then Backup 
options > Weekly backup). 

Monthly full, Weekly differential, Daily incremental (GFS) 

By default, incremental backups are performed on a daily basis, Monday to Friday; differential 
backups are performed every Saturday; full backups are performed on the first day of each 
month. You can modify these schedules and the time to run the backup. 

This backup scheme is displayed as a Custom scheme on the backup plan panel. 

Custom 

Specify schedules for full, differential, and incremental backups. 


Differential backup is not available when backing up SQL data, Exchange data, or system state. 


1A new backup format, in which the initial full and subsequent incremental backups are saved to a single .tib file, 


instead of a chain of files. This format leverages the speed of the incremental backup method, while avoiding its 
main disadvantage-difficult deletion of outdated backups. The software marks the blocks used by outdated backups 
as "free" and writes new backups to these blocks. This results in extremely fast cleanup, with minimal resource 


consumption. The single-file backup format is not available when backing up to locations that do not support 
random-access reads and writes, for example, SFTP servers. 


With any backup scheme, you can schedule the backup to run by events, instead of by time. To do 
this, select the event type in the schedule selector. For more information, refer to "Schedule by 
events". 


5.4.3 Additional scheduling options 
With any destination, you can do the following: 


e Specify the backup start conditions, so that a scheduled backup is performed only if the conditions 
are met. For more information, refer to "Start conditions". 

e Set a date range for when the schedule is effective. Select the Run the plan within a date 
range check box, and then specify the date range. 

e Disable the schedule. While the schedule is disabled, the retention rules are not applied unless a 
backup is started manually. 

e Introduce a delay from the scheduled time. The delay value for each machine is selected randomly 
and ranges from zero to the maximum value you specify. You may want to use this setting when 
backing up multiple machines to a network location, to avoid excessive network load. 

Click the gear icon, then Backup options > Scheduling. Select Distribute backup start times 
within a time window, and then specify the maximum delay. The delay value for each machine is 
determined when the backup plan is applied to the machine and remains the same until you edit 
the backup plan and change the maximum delay value. 


Note 
In cloud deployments, this option is enabled by default, with the maximum delay set to 30 
minutes. In on-premises deployments, by default all backups start exactly as scheduled. 


e Click Show more to access the following options: 

o If the machine is turned off, run missed tasks at the machine startup (disabled by 
default) 

o Prevent the sleep or hibernate mode during backup (enabled by default) 
This option is effective only for machines running Windows. 

o Wake up from the sleep or hibernate mode to start a scheduled backup (disabled by 
default) 
This option is effective only for machines running Windows. This option is not effective when 
the machine is powered off, i.e. the option does not employ the Wake-on-LAN functionality. 


5.4.4 Schedule by events 


When setting up a schedule for a backup plan, you can select the event type in the schedule selector. 
The backup will be launched as soon as the event occurs. 


You can choose one of the following events: 


e Upon time since last backup 
This is the time since the completion of the last successful backup within the same backup plan. 
You can specify the length of time. 

e When a user logs on to the system 


By default, logging on of any user will initiate a backup. You can change any user to a specific user 
account. 


e When a user logs off the system 


By default, logging off of any user will initiate a backup. You can change any user to a specific user 
account. 


Note 
The backup will not run at a system shutdown because shutting down is not the same as logging 
off. 


e On the system startup 
e On the system shutdown 
e On Windows Event Log event 


You must specify the event properties. 


The table below lists the events available for various data under Windows, Linux, and macOS. 
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On the 
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On 
Windows 
Event Log 


WHAT TO BACK | Upon time | When a user 
since last logs on to 
backup the system 


Disks/volumes 
or files (physical 
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Windows 
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Windows 


On Windows Event Log event 


You can schedule a backup to start when a certain Windows event has been recorded in one of the 
event logs, such as the Application, Security, or System log. 


For example, you may want to set up a backup plan that will automatically perform an emergency full 
backup of your data as soon as Windows discovers that your hard disk drive is about to fail. 


To browse the events and view the event properties, use the Event Viewer snap-in available in the 
Computer Management console. To be able to open the Security log, you must be a member of 
the Administrators group. 


Event properties 


Log name 


Specifies the name of the log. Select the name of a standard log (Application, Security, or 
System) from the list, or type a log name—for example: Microsoft Office Sessions 


Event source 


Specifies the event source, which typically indicates the program or the system component 
that caused the event—for example: disk 


Any event source that contains the specified string will trigger the scheduled backup. This 
option is not case sensitive. Thus, if you specify the string service, both Service Control Manager 
and Time-Service event sources will trigger a backup. 


Event type 
Specifies the event type: Error, Warning, Information, Audit success, or Audit failure. 
Event ID 


Specifies the event number, which typically identifies the particular kind of events among 
events from the same source. 


For example, an Error event with Event source disk and Event ID 7 occurs when Windows 
discovers a bad block on a disk, whereas an Error event with Event source disk and Event ID 15 
occurs when a disk is not ready for access yet. 


Example: "Bad block" emergency backup 


One or more bad blocks that have suddenly appeared on a hard disk usually indicate that the hard 
disk drive will soon fail. Suppose that you want to create a backup plan that will back up hard disk 
data as soon as such a situation occurs. 


When Windows detects a bad block on a hard disk, it records an event with the event source disk and 
the event number 7 into the System log; the type of this event is Error. 


When creating the plan, type or select the following in the Schedule section: 


« Log name: System 
- Event source: disk 
- Event type: Error 
e Event ID: 7 


Important 

To ensure that such a backup will complete despite the presence of bad blocks, you must make the 
backup ignore bad blocks. To do this, in Backup options, go to Error handling, and then select the 
Ignore bad sectors check box. 


5.4.5 Start conditions 


These settings add more flexibility to the scheduler, enabling it to execute a backup with respect to 
certain conditions. With multiple conditions, all of them must be met simultaneously to enable a 
backup to start. Start conditions are not effective when a backup is started manually. 


To access these settings, click Show more when setting up a schedule for a backup plan. 


The scheduler behavior, in case the condition (or any of multiple conditions) is not met, is defined by 
the Backup start conditions backup option. To handle the situation when the conditions are not met 
for too long and further delaying the backup is becoming risky, you can set the time interval after 
which the backup will run irrespective of the condition. 


The table below lists the start conditions available for various data under Windows, Linux, and 
macOS. 
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User is idle 


"User is idle" means that a screen saver is running on the machine or the machine is locked. 


Example 


Run the backup on the machine every day at 21:00, preferably when the user is idle. If the user is still 
active by 23:00, run the backup anyway. 


e Schedule: Daily, Run every day. Start at: 21:00. 

e Condition: User is idle. 

e Backup start conditions: Wait until the conditions are met, Start the backup anyway after 
2 hour(s). 


As aresult, 
(1) If the user becomes idle before 21:00, the backup will start at 21:00. 


(2) If the user becomes idle between 21:00 and 23:00, the backup will start immediately after the 
user becomes idle. 


(3) If the user is still active at 23:00, the backup will start at 23:00. 


The backup location's host is available 


"The backup location's host is available" means that the machine hosting the destination for storing 
backups is available over the network. 


This condition is effective for network folders, the cloud storage, and locations managed by a storage 
node. 


This condition does not cover the availability of the location itself — only the host availability. For 
example, if the host is available, but the network folder on this host is not shared or the credentials 
for the folder are no longer valid, the condition is still considered met. 


Example 


Data is backed up to a network folder every workday at 21:00. If the machine that hosts the folder is 
not available at that moment (for instance, due to maintenance work), you want to skip the backup 
and wait for the scheduled start on the next workday. 


e Schedule: Daily, Run Monday to Friday. Start at: 21:00. 
e Condition: The backup location's host is available. 
e Backup start conditions: Skip the scheduled backup. 


As aresult: 
(1) If 21:00 comes and the host is available, the backup will start immediately. 


(2) If 21:00 comes but the host is unavailable, the backup will start on the next workday if the host is 
available. 


(3) If the host is never available on workdays at 21:00, the backup will never start. 


Users logged off 


Enables you to put a backup on hold until all users log off from Windows. 


Example 


Run the backup at 20:00 every Friday, preferably when all users are logged off. If one of the users is 
still logged on at 23:00, run the backup anyway. 


e Schedule: Weekly, on Fridays. Start at: 20:00. 
e Condition: Users logged off. 


e Backup start conditions: Wait until the conditions are met, Start the backup anyway after 
3 hour(s). 


As aresult: 
(1) If all users are logged off at 20:00, the backup will start at 20:00. 


(2) If the last user logs off between 20:00 and 23:00, the backup will start immediately after the user 
logs off. 


(3) If any user is still logged on at 23:00, the backup will start at 23:00. 


Fits the time interval 


Restricts a backup start time to a specified interval. 


Example 


A company uses different locations on the same network-attached storage for backing up users' data 
and servers. The workday starts at 08:00 and ends at 17:00. Users' data should be backed up as 
soon as the users log off, but not earlier than 16:30. Every day at 23:00 the company's servers are 
backed up. So, all the users' data should preferably be backed up before this time, in order to free 
network bandwidth. It is assumed that backing up user's data takes no more than one hour, so the 
latest backup start time is 22:00. If a user is still logged on within the specified time interval, or logs 
off at any other time - do not back up the users’ data, i.e., skip backup execution. 


e Event: When a user logs off the system. Specify the user account: Any user. 
e Condition: Fits the time interval from 16:30 to 22:00. 
e Backup start conditions: Skip the scheduled backup. 


As aresult: 


(1) if the user logs off between 16:30 and 22:00, the backup will start immediately following the 
logging off. 


(2) if the user logs off at any other time, the backup will be skipped. 


Save battery power 


Prevents a backup if the device (a laptop or a tablet) is not connected to a power source. Depending 
on the value of the Backup start conditions backup option, the skipped backup will or will not be 
started after the device is connected to a power source. The following options are available: 


« Do not start when on battery 
A backup will start only if the device is connected to a power source. 

e Start when on battery if the battery level is higher than 
A backup will start if the device is connected to a power source or if the battery level is higher than 
the specified value. 


Example 


Data is backed up every workday at 21:00. If the device is not connected to a power source (for 
instance, the user is attending a late meeting), you want to skip the backup to save the battery power 
and wait until the user connects the device to a power source. 


e Schedule: Daily, Run Monday to Friday. Start at: 21:00. 
e Condition: Save battery power, Do not start when on battery. 


e Backup start conditions: Wait until the conditions are met. 
As aresult: 


(1) If 21:00 comes and the device is connected to a power source, the backup will start immediately. 


(2) If 21:00 comes and the device is running on battery power, the backup will start as soon as the 
device is connected to a power source. 


Do not start when on metered connection 


Prevents a backup (including a backup to a local disk) if the device is connected to the Internet by 
using a connection that is set as metered in Windows. For more information about metered 
connections in Windows, refer to https://support.microsoft.com/en-us/help/17452/windows- 
metered-internet-connections-faq. 


As an additional measure to prevent backups over mobile hotspots, when you enable the Do not 
start when on metered connection condition, the condition Do not start when connected to 
the following Wi-Fi networks is enabled automatically. The following network names are specified 
by default: "android", "phone", "mobile", and "modem". You can delete these names from the list by 
clicking on the X sign. 


Example 


Data is backed up every workday at 21:00. If the device is connected to the Internet by using a 
metered connection (for instance, the user is on a business trip), you want to skip the backup to save 
the network traffic and wait for the scheduled start on the next workday. 


e Schedule: Daily, Run Monday to Friday. Start at: 21:00. 
e Condition: Do not start when on metered connection. 


e Backup start conditions: Skip the scheduled backup. 
As aresult: 


(1) If 21:00 comes and the device is not connected to the Internet by using a metered connection, the 
backup will start immediately. 


(2) If 21:00 comes and the device is connected to the Internet by using a metered connection, the 
backup will start on the next workday. 


(3) If the device is always connected to the Internet by using a metered connection on workdays at 
21:00, the backup will never start. 


Do not start when connected to the following Wi-Fi networks 


Prevents a backup (including a backup to a local disk) if the device is connected to any of the specified 
wireless networks. You can specify the Wi-Fi network names, also known as service set identifiers 
(SSID). 


The restriction applies to all networks that contain the specified name as a substring in their name, 
case-insensitive. For example, if you specify "phone" as the network name, the backup will not start 
when the device is connected to any of the following networks: "John's iPhone", "pohone wifi", or "my_ 
PHONE _wifi". 


This condition is useful to prevent backups when the device is connected to the Internet by using a 
mobile phone hotspot. 


As an additional measure to prevent backups over mobile hotspots, the Do not start when 
connected to the following Wi-Fi condition is enabled automatically when you enable the Do not 
start when on metered connection condition. The following network names are specified by 
default: "android", "phone", "mobile", and "modem". You can delete these names from the list by 
clicking on the X sign. 


Example 


Data is backed up every workday at 21:00. If the device is connected to the Internet by using a 
mobile hotspot (for example, a laptop is connected in the tethering mode), you want to skip the 
backup and wait for the scheduled start on the next workday. 


e Schedule: Daily, Run Monday to Friday. Start at: 21:00. 
e Condition: Do not start when connected to the following networks, Network name: <SSID 
of the hotspot network>. 


e Backup start conditions: Skip the scheduled backup. 
As aresult: 


(1) If 21:00 comes and the machine is not connected to the specified network, the backup will start 
immediately. 


(2) If 21:00 comes and the machine is connected to the specified network, the backup will start on 
the next workday. 


(3) If the machine is always connected to the specified network on workdays at 21:00, the backup will 
never start. 


Check device IP address 


Prevents a backup (including a backup to a local disk) if any of the device IP addresses are within or 
outside of the specified IP address range. The following options are available: 


e Start if outside IP range 


e Start if within IP range 
With either option, you can specify several ranges. Only IPv4 addresses are supported. 


This condition is useful in the event of a user being overseas, to avoid large data transit charges. Also, 
it helps to prevent backups over a Virtual Private Network (VPN) connection. 


Example 


Data is backed up every workday at 21:00. If the device is connected to the corporate network by 
using a VPN tunnel (for instance, the user is working from home), you want to skip the backup and 
wait until the user brings the device to the office. 


e Schedule: Daily, Run Monday to Friday. Start at: 21:00. 

e Condition: Check device IP address, Start if outside IP range, From: <beginning of the VPN 
IP address range>, TO: <end of the VPN IP address range>. 

e Backup start conditions: Wait until the conditions are met. 


As a result: 


(1) If 21:00 comes and the machine IP address is not in the specified range, the backup will start 
immediately. 


(2) If 21:00 comes and the machine IP address is in the specified range, the backup will start as soon 
as the device obtains a non-VPN IP address. 


(3) If the machine IP address is always in the specified range on workdays at 21:00, the backup will 
never start. 


5.5 Retention rules 


Note 
In cloud deployments, some of the features described in this section might not be available or might 


be different. 


Click How long to keep. 
2. In Cleanup, choose one of the following: 

e By backup age (default) 
Specify how long to keep backups created by the backup plan. By default, the retention rules 
are specified for each backup set! separately. If you want to use a single rule for all backups, 
click Switch to single rule for all backup sets. 

e« By number of backups 
Specify the maximum number of backups to keep. 

e By total size of backups 
Specify the maximum total size of backups to keep. 
This setting is not available with the Always incremental (single-file) backup scheme, or 
when backing up to the cloud storage, an SFTP server, or a tape device. 

e Keep backups indefinitely 


3. Select when to start the cleanup: 


1A group of backups to which an individual retention rule can be applied. For the Custom backup scheme, the 
backup sets correspond to the backup methods (Full, Differential, and Incremental). In all other cases, the backup 
sets are Monthly, Daily, Weekly, and Hourly. A monthly backup is the first backup created after a month starts. A 
weekly backup is the first backup created on the day of the week selected in the Weekly backup option (click the 
gear icon, then Backup options > Weekly backup). If a weekly backup is the first backup created after a month starts, 
this backup is considered monthly. In this case, a weekly backup will be created on the selected day of the next 
week. A daily backup is the first backup created after a day starts, unless this backup falls within the definition of a 
monthly or weekly backup. An hourly backup is the first backup created after an hour starts, unless this backup falls 
within the definition of a monthly, weekly, or daily backup. 


e After backup (default) 
The retention rules will be applied after a new backup is created. 
e Before backup 
The retention rules will be applied before a new backup is created. 
This setting is not available when backing up Microsoft SQL Server clusters or Microsoft 
Exchange Server clusters. 


5.5.1 What else you need to know 


e The last backup created by the backup plan always will be kept, even if a retention rule violation is 
detected. Please do not try to delete the only backup you have by applying the retention rules 
before backup. 

e Backups stored on tapes are not deleted until the tape is overwritten. 

e If, according to the backup scheme and backup format, each backup is stored as a separate file, 
this file cannot be deleted until the lifetime of all its dependent (incremental and differential) 
backups expires. This requires extra space for storing backups whose deletion is postponed. Also, 
the backup age, number, or size of backups may exceed the values you specify. 

This behavior can be changed by using the "Backup consolidation" backup option. 

e Retention rules are a part of a backup plan. They stop working for a machine's backups as soon as 
the backup plan is revoked from the machine, or deleted, or the machine itself is deleted from the 
management server. If you no longer need the backups created by the plan, delete them as 
described in "Deleting backups". 


5.6 Encryption 


We recommend that you encrypt all backups that are stored in the cloud storage, especially if your 
company is subject to regulatory compliance. 


Important 
There is no way to recover encrypted backups if you lose or forget the password. 


5.6.1 Encryption in a backup plan 


To enable encryption, specify the encryption settings when creating a backup plan. After a backup 
plan is applied, the encryption settings cannot be modified. To use different encryption settings, 
create a new backup plan. 


To specify the encryption settings in a backup plan 


1. On the backup plan panel, enable the Encryption switch. 
2. Specify and confirm the encryption password. 
3. Select one of the following encryption algorithms: 
e AES 128 - the backups will be encrypted by using the Advanced Encryption Standard (AES) 
algorithm with a 128-bit key. 


e AES 192 - the backups will be encrypted by using the AES algorithm with a 192-bit key. 
e AES 256 - the backups will be encrypted by using the AES algorithm with a 256-bit key. 
4. Click OK. 


5.6.2 Encryption as a machine property 


This option is intended for administrators who handle backups of multiple machines. If you need a 
unique encryption password for each machine or if you need to enforce encryption of backups 
regardless of the backup plan encryption settings, save the encryption settings on each machine 
individually. The backups will be encrypted using the AES algorithm with a 256-bit key. 


Saving the encryption settings on a machine affects the backup plans in the following way: 


- Backup plans that are already applied to the machine. If the encryption settings in a backup 
plan are different, the backups will fail. 


- Backup plans that will be applied to the machine later. The encryption settings saved on a 
machine will override the encryption settings in a backup plan. Any backup will be encrypted, even 
if encryption is disabled in the backup plan settings. 


This option can be used on a machine running Agent for VMware. However, be careful if you have 
more than one Agent for VMware connected to the same vCenter Server. It is mandatory to use the 
same encryption settings for all of the agents, because there is a type of load balancing among them. 


After the encryption settings are saved, they can be changed or reset as described below. 


Important 
If a backup plan that runs on this machine has already created backups, changing the encryption 
settings will cause this plan to fail. To continue backing up, create a new plan. 


To save the encryption settings on a machine 


1. Log on as an administrator (in Windows) or the root user (in Linux). 
2. Run the following script: 


e In Windows: <installation_path>\PyShell\bin\acropsh.exe -m manage creds -set- 
password <encryption_password> 


Here, <installation_path> is the backup agent installation path. By default, it is 
%ProgramFiles%\BackupClient in cloud deployments and %ProgramFiles%\Acronis in 
on-premises deployments. 


e In Linux: /usr/sbin/acropsh -m manage _creds --set-password <encryption_password> 
To reset the encryption settings on a machine 


1. Log on as an administrator (in Windows) or root user (in Linux). 
2. Run the following script: 


e In Windows: <installation_path>\PyShell\bin\acropsh.exe -m manage _creds --reset 


Here, <installation_path> is the backup agent installation path. By default, it is 
%ProgramFiles%\BackupClient in cloud deployments and %ProgramFiles%\Acronis in 
on-premises deployments. 


e In Linux: /usr/sbin/acropsh -m manage creds --reset 
To change the encryption settings by using Backup Monitor 


Log on as an administrator in Windows or macOS. 
Click the Backup Monitor icon in the notification area (in Windows) or the menu bar (in macOS). 
Click the gear icon. 


Click Encryption. 
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Do one of the following: 

e Select Set a specific password for this machine. Specify and confirm the encryption 
password. 

e Select Use encryption settings specified in the backup plan. 

6. Click OK. 


5.6.3 How the encryption works 


The AES cryptographic algorithm operates in the Cipher-block chaining (CBC) mode and uses a 
randomly generated key with a user-defined size of 128, 192 or 256 bits. The larger the key size, the 
longer it will take for the program to encrypt the backups and the more secure your data will be. 


The encryption key is then encrypted with AES-256 using an SHA-256 hash of the password as a key. 
The password itself is not stored anywhere on the disk or in the backups; the password hash is used 
for verification purposes. With this two-level security, the backup data is protected from any 
unauthorized access, but recovering a lost password is not possible. 


5.7 Notarization 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 


Notarization enables you to prove that a file is authentic and unchanged since it was backed up. We 
recommend that you enable notarization when backing up your legal document files or other files 
that require proved authenticity. 


Notarization is available only for file-level backups. Files that have a digital signature are skipped, 
because they do not need to be notarized. 


Notarization is not available: 


e Ifthe backup format is set to Version 11 
e Ifthe backup destination is Secure Zone 


e Ifthe backup destination is a managed location with enabled deduplication or encryption 


5.7.1 How to use notarization 


To enable notarization of all files selected for backup (except for the files that have a digital 
signature), enable the Notarization switch when creating a backup plan. 


When configuring recovery, the notarized files will be marked with a special icon, and you can verify 
the file authenticity. 


5.7.2 How it works 


During a backup, the agent calculates the hash codes of the backed-up files, builds a hash tree (based 
on the folder structure), saves the tree in the backup, and then sends the hash tree root to the notary 
service. The notary service saves the hash tree root in the Ethereum blockchain database to ensure 
that this value does not change. 


When verifying the file authenticity, the agent calculates the hash of the file, and then compares it 
with the hash that is stored in the hash tree inside the backup. If these hashes do not match, the file 
is considered not authentic. Otherwise, the file authenticity is guaranteed by the hash tree. 


To verify that the hash tree itself was not compromised, the agent sends the hash tree root to the 
notary service. The notary service compares it with the one stored in the blockchain database. If the 
hashes match, the selected file is guaranteed to be authentic. Otherwise, the software displays a 
message that the file is not authentic. 


5.8 Conversion to a virtual machine 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


Conversion to a virtual machine is available only for disk-level backups. If a backup includes the 
system volume and contains all of the information necessary for the operating system to start, the 
resulting virtual machine can start on its own. Otherwise, you can add its virtual disks to another 
virtual machine. 


5.8.1 Conversion methods 


e Regular conversion 
There are two ways to configure a regular conversion: 
o Make the conversion a part of a backup plan 
The conversion will be performed after each backup (if configured for the primary location) or 
after each replication (if configured for the second and further locations). 
o Create a separate conversion plan 


This method enables you to specify a separate conversion schedule. 


e Recovery to a new virtual machine 


This method enables you to choose disks for recovery and adjust the settings for each virtual disk. 
Use this method to perform the conversion once or occasionally, for example, to perform a 
physical-to-virtual migration. 


5.8.2 What you need to know about conversion 


Supported virtual machine types 


Conversion of a backup to a virtual machine can be done by the same agent that created the backup 
or by another agent. 


To perform a conversion to VMware ESXi or Hyper-V, you need an ESXi or Hyper-V host and a backup 
agent (Agent for VMware or Agent for Hyper-V) that manages this host. 


Conversion to VHDX files assumes that the files will be connected as virtual disks to a Hyper-V virtual 
machine. 


The following table summarizes the virtual machine types that can be created by the agents: 


Agent for Agent for Agent for Agent for 
VMware Windows Linux Mac 


Microsoft Hyper- + 

V 

VMware + + + + 
Workstation 


Limitations 


e Agent for Windows, Agent for VMware (Windows), and Agent for Hyper-V cannot convert backups 
stored on NFS. 

e Backups stored on NFS or on an SFTP server cannot be converted in a separate conversion plan. 

e Backups stored in Secure Zone can be converted only by the agent running on the same machine. 

e Backups that contain Linux logical volumes (LVM) can be converted only if they were created by 
Agent for VMware or Agent for Hyper-V, and are directed to the same hypervisor. Cross-hypervisor 
conversion is not supported. 

e When backups of a Windows machine are converted to VMware Workstation or VHDx files, the 
resulting virtual machine inherits the CPU type from the machine that performs the conversion. As 
a result, the corresponding CPU drivers are installed in the guest operating system. If started ona 
host with a different CPU type, the guest system displays a driver error. Update this driver 
manually. 


Regular conversion to ESXi and Hyper-V vs. running a virtual machine from 
a backup 


Both operations provide you with a virtual machine that can be started in seconds if the original 
machine fails. 


Regular conversion takes CPU and memory resources. Files of the virtual machine constantly occupy 
space on the datastore (storage). This may be not practical if a production host is used for 
conversion. However, the virtual machine performance is limited only by the host resources. 


In the second case, the resources are consumed only while the virtual machine is running. The 
datastore (storage) space is required only to keep changes to the virtual disks. However, the virtual 
machine may run slower, because the host does not access the virtual disks directly, but 
communicates with the agent that reads data from the backup. In addition, the virtual machine is 
temporary. Making the machine permanent is possible only for ESXi. 


5.8.3 Conversion to a virtual machine in a backup plan 


You can configure the conversion to a virtual machine from any backup or replication location that is 
present in a backup plan. The conversion will be performed after each backup or replication. 


For information about prerequisites and limitations, please refer to "What you need to know about 
conversion". 


To set up a conversion to a virtual machine in a backup plan 


1. Decide from which backup location you want to perform the conversion. 
2. On the backup plan panel, click Convert to VM under this location. 
3. Enable the Conversion switch. 
4. In Convert to, select the type of the target virtual machine. You can select one of the following: 
e VMware ESXi 
e Microsoft Hyper-V 
« VMware Workstation 
e VHDX files 
5. Doone of the following: 
e For VMware ESXi and Hyper-V: click Host, select the target host, and then specify the new 
machine name template. 
e For other virtual machine types: in Path, specify where to save the virtual machine files and the 
file name template. 
The default name is [Machine Name] converted. 
6. [Optional] Click Agent that will perform conversion, and then select an agent. 
This may be the agent that performs the backup (by default) or an agent installed on another 
machine. If the latter is the case, the backups must be stored in a shared location such as a 
network folder, so that the other machine can access them. 


7. [Optional] For VMware ESXi and Hyper-V, you can also do the following: 
e Click Datastore for ESXi or Path for Hyper-V, and then select the datastore (storage) for the 
virtual machine. 
e Change the disk provisioning mode. The default setting is Thin for VMware ESXi and 
Dynamically expanding for Hyper-V. 
e Click VM settings to change the memory size, the number of processors, and the network 
connections of the virtual machine. 
8. Click Done. 


5.8.4 How regular conversion to VM works 
The way the repeated conversions work depends on where you choose to create the virtual machine. 


- If you choose to save the virtual machine as a set of files: each conversion re-creates the 
virtual machine from scratch. 

- If you choose to create the virtual machine on a virtualization server: when converting 
an incremental or differential backup, the software updates the existing virtual machine instead of 
re-creating it. Such conversion is normally faster. It saves network traffic and CPU resource of the 
host that performs the conversion. If updating the virtual machine is not possible, the software re- 
creates it from scratch. 


The following is a detailed description of both cases. 


If you choose to save the virtual machine as a set of files 


As aresult of the first conversion, a new virtual machine will be created. Every subsequent conversion 
will re-create this machine from scratch. First, the old machine is temporarily renamed. Then, a new 
virtual machine is created that has the previous name of the old machine. If this operation succeeds, 
the old machine is deleted. If this operation fails, the new machine is deleted and the old machine is 
given its previous name. This way, the conversion always ends up with a single machine. However, 
extra storage space is required during conversion to store the old machine. 


If you choose to create the virtual machine on a virtualization server 
The first conversion creates a new virtual machine. Any subsequent conversion works as follows: 


e If there has been a full backup since the last conversion, the virtual machine is re-created from 
scratch, as described earlier in this section. 

e Otherwise, the existing virtual machine is updated to reflect changes since the last conversion. If 
updating is not possible (for example, if you deleted the intermediate snapshots, see below), the 
virtual machine is re-created from scratch. 


Intermediate snapshots 


To be able to update the virtual machine, the software stores a few intermediate snapshots of it. 
They are named Backup... and Replica... and should be kept. Unneeded snapshots are deleted 
automatically. 


The latest Replica... snapshot corresponds to the result of the latest conversion. You can go to this 
snapshot if you want to return the machine to that state; for example, if you worked with the 
machine and now want to discard the changes made to it. 


Other snapshots are for internal use by the software. 


5.9 Replication 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


This section describes backup replication as a part of the backup plan. For information about creating 
a separate replication plan, refer to "Off-host data processing". 


If you enable backup replication, each backup will be copied to another location immediately after 
creation. If earlier backups were not replicated (for example, the network connection was lost), the 
software also replicates all of the backups that appeared after the last successful replication. 


Replicated backups do not depend on the backups remaining in the original location and vice versa. 
You can recover data from any backup, without access to other locations. 


5.9.1 Usage examples 


e Reliable disaster recovery 


Store your backups both on-site (for immediate recovery) and off-site (to secure the backups from 
local storage failure or a natural disaster). 


e Using the cloud storage to protect data from a natural disaster 
Replicate the backups to the cloud storage by transferring only the data changes. 
e Keeping only the latest recovery points 


Delete older backups from a fast storage according to retention rules, in order to not overuse 
expensive storage space. 


5.9.2 Supported locations 
You can replicate a backup from any of these locations: 


e Alocal folder 

e Anetwork folder 
e Secure Zone 

e An SFTP server 


e Locations managed by a storage node 


You can replicate a backup to any of these locations: 


e A local folder 

e A network folder 

e The cloud storage 

e An SFTP server 

e Locations managed by a storage node 
e Atape device 


To enable replication of backups 


1. On the backup plan panel, click Add location. 
The Add location control is shown only if replication is supported from the last selected location. 
2. Specify the location where the backups will be replicated. 


3. [Optional] In How long to keep, change the retention rules for the chosen location, as described 
in "Retention rules". 


4. [Optional] In Convert to VM, specify the settings for conversion to a virtual machine, as 
described in "Conversion to a virtual machine". 


5. [Optional] Click the gear icon > Performance and backup window, and then set the backup 
window for the chosen location, as described in "Performance and backup window". These 
settings will define the replication performance. 


6. [Optional] Repeat steps 1-5 for all locations where you want to replicate the backups. Up to five 
consecutive locations are supported, including the primary one. 


5.9.3 Considerations for users with the Advanced license 


Tip 
You can set up replication of backups from the cloud storage by creating a separate replication plan. 
For more information, refer to "Off-host data processing". 


Restrictions 


e Replicating backups from a location managed by a storage node to a local folder is not supported. 
A local folder means a folder on the machine with the agent that created the backup. 

e Replicating backups to a managed location with enabled deduplication is not supported for 
backups that have the Version 12 backup format. 


Which machine performs the operation? 


Replicating a backup from any location is initiated by the agent that created the backup and is 
performed: 


e By that agent, if the location is not managed by a storage node. 

e By the corresponding storage node, if the location is managed. However, replication of a backup 
from the managed location to the cloud storage is performed by the agent that created the 
backup. 


As follows from the above description, the operation will be performed only if the machine with the 
agent is powered on. 


Replicating backups between managed locations 


Replicating a backup from one managed location to another managed location is performed by the 
storage node. 


If deduplication is enabled for the target location (possibly on a different storage node), the source 
storage node sends only those blocks of data that are not present in the target location. In other 
words, like an agent, the storage node performs deduplication at the source. This saves network 
traffic when you replicate data between geographically separated storage nodes. 


5.10 Starting a backup manually 


1. Select a machine that has at least one applied backup plan. 
2. Click Backup. 
3. If more than one backup plans are applied, select the backup plan. 
4. Do one of the following: 
e Click Run now. An incremental backup will be created. 
e If the backup scheme includes several backup methods, you can choose the method to use. 
Click the arrow on the Run now button, and then select Full, Incremental, or Differential. 


The first backup created by a backup plan is always full. 


The backup progress is shown in the Status column for the machine. 


5.11 Backup options 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


To modify the backup options, click the gear icon next to the backup plan name, and then click 
Backup options. 


5.11.1 Availability of the backup options 
The set of available backup options depends on: 


e The environment the agent operates in (Windows, Linux, macOS). 
e The type of the data being backed up (disks, files, virtual machines, application data). 
e The backup destination (the cloud storage, local or network folder). 


The following table summarizes the availability of the backup options. 
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5.11.2 Alerts 


No successful backups for a specified number of consecutive days 
The preset is: Disabled. 


This option determines whether to generate an alert if no successful backups were performed by the 
backup plan for a specified period of time. In addition to failed backups, the software counts backups 
that did not run on schedule (missed backups). 


The alerts are generated on a per-machine basis and are displayed on the Alerts tab. 


You can specify the number of consecutive days without backups after which the alert is generated. 


5.11.3 Backup consolidation 

This option defines whether to consolidate backups during cleanup or to delete entire backup chains. 
The preset is: Disabled. 

Consolidation is the process of combining two or more subsequent backups into a single backup. 


If this option is enabled, a backup that should be deleted during cleanup is consolidated with the next 
dependent backup (incremental or differential). 


Otherwise, the backup is retained until all dependent backups become subject to deletion. This helps 
avoid the potentially time-consuming consolidation, but requires extra space for storing backups 
whose deletion is postponed. The backups' age or number can exceed the values specified in the 
retention rules. 


Important 

Please be aware that consolidation is just a method of deletion, but not an alternative to deletion. 
The resulting backup will not contain data that was present in the deleted backup and was absent 
from the retained incremental or differential backup. 


This option is not effective if any of the following is true: 


e The backup destination is a tape device or the cloud storage. 
e The backup scheme is set to Always incremental (single-file). 


e The backup format is set to Version 12. 


Backups stored on tapes cannot be consolidated. Backups stored in the cloud storage, as well as 
single-file backups (both version 11 and 12 formats), are always consolidated because their inner 
structure makes for fast and easy consolidation. 


However, if version 12 format is used, and multiple backup chains are present (every chain being 
stored in a separate .tibx file), consolidation works only within the last chain. Any other chain is 
deleted as a whole, except for the first one, which is shrunk to the minimum size to keep the meta 
information (~12 KB). This meta information is required to ensure the data consistency during 
simultaneous read and write operations. The backups included in these chains disappear from the 
GUI as soon as the retention rule is applied, although they physically exist until the entire chain is 
deleted. 


In all other cases, backups whose deletion is postponed are marked with the trash can icon (+) in 
the GUI. If you delete such a backup by clicking the X sign, consolidation will be performed. Backups 
stored on a tape disappear from the GUI only when the tape is overwritten or erased. 


5.11.4 Backup file name 
This option defines the names of the backup files created by the backup plan. 


These names can be seen in a file manager when browsing the backup location. 


What is a backup file? 


Each backup plan creates one or more files in the backup location, depending on which backup 
scheme and which backup format are used. The following table lists the files that can be created per 
machine or mailbox. 


=| Always incremental (single-file) Other backup schemes 


Version 11 One .tib file and one .xml metadata file Multiple .tib files and one .xml 
backup metadata file (traditional format) 
format 


Version 12 One .tibx file per backup chain (a full or differential 


backup backup, and all incremental backups that depend on it) 
format 


All files have the same name, with or without the addition of a timestamp or a sequence number. You 
can define this name (referred to as the backup file name) when creating or editing a backup plan. 


Note 
Timestamp is added to the backup file name only in the Version 11 backup format. 


After you change a backup file name, the next backup will be a full backup, unless you specify a file 
name of an existing backup of the same machine. If the latter is the case, a full, incremental, or 
differential backup will be created according to the backup plan schedule. 


Note that it is possible to set backup file names for locations that cannot be browsed by a file 
manager (such as the cloud storage or a tape device). This makes sense if you want to see the custom 
names on the Backups tab. 


Where can I see backup file names? 
Select the Backups tab, and then select the group of backups. 


e The default backup file name is shown on the Details panel. 


e If you set a non-default backup file name, it will be shown directly on the Backups tab, in the 
Name column. 


Limitations for backup file names 


e Abackup file name cannot end with a digit. 
Inthe default backup file name, to prevent the name from ending with a digit, the letter "A" is 
appended. When creating a custom name, always make sure that it does not end with a digit. 
When using variables, the name must not end with a variable, because a variable might end with a 
digit. 

e A backup file name cannot contain the following symbols: ()&?*$<>":\ |/#, line endings (An), and 
tabs (\t). 


Default backup file name 

The default backup file name is [Machine Name]-[Plan ID]-[Unique ID]JA. 

The default backup file name for mailbox backup is [Mailbox ID]_mailbox_[Plan IDJA. 
The name consists of the following variables: 


e [Machine Name] This variable is replaced with the name of the machine (the same name that is 
shown in the backup console) for all types of backed up data, except for Office 365 mailboxes. For 
Office 365 mailboxes, it is replaced with the mailbox user's principal name (UPN). 


e [Plan ID] This variable is replaced with a unique identifier of a backup plan. This value does not 
change if the plan is renamed. 


e [Unique ID] This variable is replaced with a unique identifier of the selected machine or mailbox. 
This value does not change if the machine is renamed or the mailbox UPN is changed. 
e [Mailbox ID] This variable is replaced with the mailbox UPN. 


e "A" isa safeguard letter that is appended to prevent the name from ending with a digit. 


The diagram below shows the default backup file name. 


[Machine name] [Plan ID] (36 characters) [Unique ID] (36 characters) 
lf ] 
Debian 9-676F898E-678E-4FA0-8339-AD90D0CA2E38-503DAF95-215B-CE3E-BA7D-23BA4E1D873EA TIBX 


Safeguard letter 


The diagram below shows the default backup file name for mailboxes. 


[Mailbox ID] [Plan ID] (36 characters) 


Office365_user@example.onmicrosoft.com_mailbox_D5E7E871-BDBC-4765-9B39-5DA173426E72A.TIBX 
A 


Safeguard 
letter 


Names without variables 


If you change the backup file name to MyBackup, the backup files will look like the following examples. 
Both examples assume daily incremental backups scheduled at 14:40, starting from September 13, 
2016. 


For the Version 12 format with the Always incremental (single-file) backup scheme: 
MyBackup. tibx 
For the Version 12 format with other backup schemes: 


MyBackup. tibx 
MyBackup-0001.tibx 
MyBackup-0002.tibx 


For the Version 11 format with the Always incremental (single-file) backup scheme: 


MyBackup. xml 
MyBackup. tib 


For the Version 11 format with other backup schemes: 


MyBackup. xml 

MyBackup_2016_9_13_14_49_20_403F.tib 
MyBackup_2016_9_14_14_43_00_221F.tib 
MyBackup_2016_9_15_14_45_56_30QF.tib 


Using variables 


Besides the variables that are used by default, you can use the [Plan name] variable, which is 
replaced with the name of the backup plan. 


If multiple machines or mailboxes are selected for backup, the backup file name must contain the 
[Machine Name], the [Mailbox ID], or the [Unique ID] variable. 


149 © Acronis International GmbH, 2003-2021 


Backup file name vs. simplified file naming 


Using plain text and/or variables, you can construct the same file names as in earlier Acronis Cyber 
Backup versions. However, simplified file names cannot be reconstructed—in version 12, a file name 
will have a time stamp unless a single-file format is used. 


Usage examples 


e View user-friendly file names 
You want to easily distinguish backups when browsing the backup location with a file manager. 

e Continue an existing sequence of backups 
Let's assume a backup plan is applied to a single machine, and you have to remove this machine 
from the backup console or to uninstall the agent along with its configuration settings. After the 
machine is re-added or the agent is reinstalled, you can force the backup plan to continue backing 
up to the same backup or backup sequence. Just go this option, click Select, and select the 
required backup. 


The Browse button shows the backups in the location selected in the Where to back up section 
of the backup plan panel. It cannot browse anything outside this location. 


File name template 


[Machine Name]-[Plan ID]-[Unique IDJA SELECT 


If the file name template is changed, the next backup will be a full backup. 


The following variables can be used: 
[Machine Name] 

[Plan ID] 

[Plan name] 

[Unique ID] 


e Upgrade from previous product versions 
If during the upgrade a backup plan did not migrate automatically, recreate the plan and point it to 
the old backup file. If only one machine is selected for backup, click Browse, and then select the 
required backup. If multiple machines are selected for backup, re-create the old backup file name 
by using variables. 


Note 
The Select button is only available for backup plans that are created for and applied to a single 
device. 


5.11.5 Backup format 


This option defines the format of the backups created by the backup plan. You can choose between 
the new format (Version 12) designed for faster backup and recovery, and the legacy format 
(Version 11) preserved for backward compatibility and special cases. After the backup plan is 
applied, this option cannot be modified. 


This option is not effective for mailbox backups. Mailbox backups always have Version 12 format. 
The preset is: Automatic selection. 
You can select one of the following: 


- Automatic selection 
Version 12 will be used unless the backup plan appends backups to the ones created by earlier 
product versions. 

e Version 12 
Anew format recommended in most cases for fast backup and recovery. Each backup chain (a full 
or differential backup, and all incremental backups that depend on it) is saved to a single .tibx file. 
With this format, the retention rule By total size of backups is not effective. 

e Version 11 
A legacy format to be used in a new backup plan that appends backups to the ones created by 
earlier product versions. 
Also, use this format (with any backup scheme except for Always incremental (single-file)) if 
you want full, incremental, and differential backups to be separate files. 
This format is automatically selected if the backup destination (or a replication destination) is a 
managed location with enabled deduplication. If you change the format to Version 12, the 
backups will fail. 


Note 
You cannot back up Database Availability Groups (DAG) by using archive format Version 11. 
Backing up of DAG is supported only in archive format Version 12. 


Backup format and backup files 


For backup locations that can be browsed with a file manager (such as local or network folders), the 
backup format determines the number of files and their extension. You can define the file names by 
using the backup file name option. The following table lists the files that can be created per machine 
or mailbox. 


[a Always incremental (single-file) Other backup schemes 


Version 11 One .tib file and one .xml metadata file Multiple .tib files and one .xml 


backup metadata file (traditional format) 
format 


Version 12 One .tibx file per backup chain (a full or differential 


backup backup, and all incremental backups that depend on it) 


format 


Changing the backup format to version 12 (.tibx) 
If you change the backup format from version 11 (.tib format) to version 12 (.tibx format): 


e The next backup will be full. 

e In backup locations that can be browsed with a file manager (such as local or network folders), a 
new .tibx file will be created. The new file will have the name of the original file, appended with the 
_V12A suffix. 

e Retention rules and replication will be applied only to the new backups. 

e The old backups will not be deleted and will remain available on the Backup storage tab. You can 
delete them manually. 

e The old cloud backups will not consume the Cloud storage quota. 


e The old local backups will consume the Local backup quota until you delete them manually. 


In-archive deduplication 


The backup format of version 12 supports in-archive deduplication that brings the following 
advantages: 


e Reduced backup size in tens of times, with built-in block-level deduplication for any type of data 
e Efficient handling of hard links ensures that there are no storage duplicates 


e Hash-based chunking 


Note 
In-archive deduplication is enabled by default for all backups in .tibx format. You do not have to 
enable it in the backup options, and you cannot disable it. 


5.11.6 Backup validation 


Validation is an operation that checks the possibility of data recovery from a backup. When this 
option is enabled, each backup created by the backup plan is validated immediately after creation. 


The preset is: Disabled. 


Validation calculates a checksum for every data block that can be recovered from the backup. The 
only exception is validation of file-level backups that are located in the cloud storage. These backups 
are validated by checking consistency of the metadata saved in the backup. 


Validation is a time-consuming process, even for an incremental or differential backup, which are 
small in size. This is because the operation validates not only the data physically contained in the 
backup, but all of the data recoverable by selecting the backup. This requires access to previously 
created backups. 


While the successful validation means a high probability of successful recovery, it does not check all 
factors that influence the recovery process. If you back up the operating system, we recommend 
performing a test recovery under the bootable media to a spare hard drive or running a virtual 
machine from the backup in the ESXi or Hyper-V environment. 


5.11.7 Task start conditions 
This option is effective in Windows and Linux operating systems. 


This option determines the program behavior in case a task is about to start (the scheduled time 
comes or the event specified in the schedule occurs), but the condition (or any of multiple conditions) 
is not met. For more information about conditions refer to "Start conditions". 


The preset is: Wait until the conditions from the schedule are met. 


Wait until the conditions from the schedule are met 


With this setting, the scheduler starts monitoring the conditions and launches the task as soon as the 
conditions are met. If the conditions are never met, the task will never start. 


To handle the situation when the conditions are not met for too long and further delaying the task is 
becoming risky, you can set the time interval after which the task will run irrespective of the 
condition. Select the Run the task anyway after check box and specify the time interval. The task 
will start as soon as the conditions are met OR the maximum time delay lapses, depending on which 
comes first. 


Skip the task execution 


Delaying a task might be unacceptable, for example, when you need to execute a task strictly at the 
specified time. Then it makes sense to skip the task rather than wait for the conditions, especially if 
the tasks occur relatively often. 


5.11.8 Changed block tracking (CBT) 


This option is effective for disk-level backups of virtual machines and of physical machines running 
Windows. It is also effective for backups of Microsoft SQL Server databases and Microsoft Exchange 
Server databases. 


The preset is: Enabled. 


This option determines whether to use Changed Block Tracking (CBT) when performing an 
incremental or differential backup. 


The CBT technology accelerates the backup process. Changes to the disk or database content are 
continuously tracked at the block level. When a backup starts, the changes can be immediately saved 
to the backup. 


5.11.9 Cluster backup mode 


These options are effective for database-level backup of Microsoft SQL Server and Microsoft 
Exchange Server. 


These options are effective only if the cluster itself (Microsoft SQL Server Always On Availability 
Groups (AAG) or Microsoft Exchange Server Database Availability Group (DAG)) is selected for 
backup, rather than the individual nodes or databases inside of it. If you select individual items inside 
the cluster, the backup will not be cluster-aware and only the selected copies of the items will be 
backed up. 


Microsoft SQL Server 


This option determines the backup mode for SQL Server Always On Availability Groups (AAG). For this 
option to be effective, Agent for SQL must be installed on all of the AAG nodes. For more information 
about backing up Always On Availability Groups, refer to "Protecting Always On Availability Groups 
(AAG)". 


The preset is: Secondary replica if possible. 
You can choose one of the following: 


e Secondary replica if possible 
If all secondary replicas are offline, the primary replica is backed up. Backing up the primary replica 
may slow down the SQL Server operation, but the data will be backed up in the most recent state. 
e Secondary replica 
If all secondary replicas are offline, the backup will fail. Backing up secondary replicas does not 
affect the SQL server performance and allows you to extend the backup window. However, 
passive replicas may contain information that is not up-to-date, because such replicas are often set 
to be updated asynchronously (lagged). 
e Primary replica 
If the primary replica is offline, the backup will fail. Backing up the primary replica may slow down 
the SQL Server operation, but the data will be backed up in the most recent state. 


Regardless of the value of this option, to ensure the database consistency, the software skips 
databases that are not in the SYNCHRONIZED or SYNCHRONIZING states when the backup starts. 
If all databases are skipped, the backup fails. 


Microsoft Exchange Server 


This option determines the backup mode for Exchange Server Database Availability Groups (DAG). 
For this option to be effective, Agent for Exchange must be installed on all of the DAG nodes. For 
more information about backing up Database Availability Groups, refer to "Protecting Database 
Availability Groups (DAG)". 


The preset is: Passive copy if possible. 


You can choose one of the following: 


e Passive copy if possible 
If all passive copies are offline, the active copy is backed up. Backing up the active copy may slow 
down the Exchange Server operation, but the data will be backed up in the most recent state. 

e Passive copy 
If all passive copies are offline, the backup will fail. Backing up passive copies does not affect the 
Exchange Server performance and allows you to extend the backup window. However, passive 
copies may contain information that is not up-to-date, because such copies are often set to be 
updated asynchronously (lagged). 


e Active copy 
If the active copy is offline, the backup will fail. Backing up the active copy may slow down the 
Exchange Server operation, but the data will be backed up in the most recent state. 


Regardless of the value of this option, to ensure the database consistency, the software skips 
databases that are not in the HEALTHY or ACTIVE states when the backup starts. If all databases are 
skipped, the backup fails. 


5.11.10 Compression level 


The option defines the level of compression applied to the data being backed up. The available levels 
are: None, Normal, High, Maximum. 


The preset is: Normal. 


A higher compression level means that the backup process takes longer, but the resulting backup 
occupies less space. Currently, the High and Maximum levels work similarly. 


The optimal data compression level depends on the type of data being backed up. For example, even 
maximum compression will not significantly reduce the backup size if the backup contains essentially 
compressed files, such as .jpg, .pdf or .mp3. However, formats such as .doc or .xls will be compressed 
well. 


5.11.11 Email notifications 
The option enables you to set up email notifications about events that occur during backup. 


This option is available only in on-premises deployments. In cloud deployments, the settings are 
configured per account when an account is created. 


The preset is: Use the system settings. 
You can either use the system settings or override them with custom values that will be specific for 


this plan only. The system settings are configured as described in "Email notifications". 


Important 
When the system settings are changed, all backup plans that use the system settings are affected. 


Before enabling this option, ensure that the Email server settings are configured. 


To customize email notifications for a backup plan 


1. Select Customize the settings for this backup plan. 


2. Inthe Recipients’ email addresses field, type the destination email address. You can enter 
several addresses separated by semicolons. 


3. [Optional] In Subject, change the email notification subject. 
You can use the following variables: 
e [Alert] -alert summary. 
e [Device] - device name. 
e [Plan] -the name of the plan that generated the alert. 


e [ManagementServer ] -the host name of the machine where the management server is 
installed. 


e [Unit] -the name of the unit to which the machine belongs. 
The default subject is [Alert] Device: [Device] Plan: [Plan] 


4. Select the check boxes for the events that you want to receive notifications about. You can select 
from the list of all alerts that occur during backup, grouped by severity. 


5.11.12 Error handling 


These options enable you to specify how to handle errors that might occur during backup. 


Re-attempt, if an error occurs 
The preset is: Enabled. Number of attempts: 30. Interval between attempts: 30 seconds. 


When a recoverable error occurs, the program re-attempts to perform the unsuccessful operation. 
You can set the time interval and the number of attempts. The attempts will be stopped as soon as 
the operation succeeds OR the specified number of attempts are performed, depending on which 
comes first. 


For example, if the backup destination on the network becomes unavailable or not reachable, the 
program will attempt to reach the destination every 30 seconds, but no more than 30 times. The 
attempts will be stopped as soon as the connection is resumed OR the specified number of attempts 
is performed, depending on which comes first. 


Cloud storage 


If the cloud storage is selected as a backup destination, the option value is automatically set to 
Enabled. Number of attempts: 300. Interval between attempts: 30 seconds. 


In this case, the actual number of attempts is unlimited, but the timeout before the backup failure is 
calculated as follows: (300 seconds + Interval between attempts) * (Number of attempts + 1). 


Examples: 


e With the default values, the backup will fail after (300 seconds + 30 seconds) * (300 + 1) = 99330 
seconds, or ~27.6 hours. 

e Ifyou set Number of attempts to 1 and Interval between attempts to 1 second, the backup 
will fail after (300 seconds + 1 second) * (1 + 1) = 602 seconds, or ~10 minutes. 


If the calculated timeout exceeds 30 minutes, and the data transfer has not started yet, the actual 
timeout is set to 30 minutes. 


Do not show messages and dialogs while processing (silent mode) 
The preset is: Enabled. 


With the silent mode enabled, the program will automatically handle situations requiring user 
interaction (except for handling bad sectors, which is defined as a separate option). If an operation 
cannot continue without user interaction, it will fail. Details of the operation, including errors, if any, 
can be found in the operation log. 


Ignore bad sectors 
The preset is: Disabled. 


When this option is disabled, each time the program comes across a bad sector, the backup activity 
will be assigned the Interaction required status. In order to back up the valid information ona 
rapidly dying disk, enable ignoring bad sectors. The rest of the data will be backed up and you will be 
able to mount the resulting disk backup and extract valid files to another disk. 


Re-attempt, if an error occurs during VM snapshot creation 
The preset is: Enabled. Number of attempts: 3. Interval between attempts: 5 minutes. 


When taking a virtual machine snapshot fails, the program re-attempts to perform the unsuccessful 
operation. You can set the time interval and the number of attempts. The attempts will be stopped as 
soon as the operation succeeds OR the specified number of attempts are performed, depending on 
which comes first. 


5.11.13 Fast incremental/differential backup 
This option is effective for incremental and differential disk-level backup. 


This option is not effective (always disabled) for volumes formatted with the JFS, ReiserFS3, 
ReiserFS4, ReFS, or XFS file systems. 


The preset is: Enabled. 


Incremental or differential backup captures only data changes. To speed up the backup process, the 
program determines whether a file has changed or not by the file size and the date/time when the file 
was last modified. Disabling this feature will make the program compare the entire file contents to 
those stored in the backup. 


5.11.14 File filters 
File filters define which files and folders to skip during the backup process. 
File filters are available for both disk-level and file-level backup, unless stated otherwise. 


To enable file filters 


Pw NS 


Select the data to back up. 
Click the gear icon next to the backup plan name, and then click Backup options. 
Select File filters. 


Use any of the options described below. 


Exclude files matching specific criteria 


There are two options that function in an inverse manner. 


Back up only files matching the following criteria 


Example: If you select to back up the entire machine and specify C:\File.exe in the filter criteria, 
only this file will be backed up. 


Note 
This filter is not effective for file-level backup if Version 11 is selected in Backup format and the 
backup destination is NOT cloud storage. 


Do not back up files matching the following criteria 


Example: If you select to back up the entire machine and specify C:\File.exe in the filter criteria, 
only this file will be skipped. 


It is possible to use both options simultaneously. The latter option overrides the former, i.e. if you 
specify C:\File.exe in both fields, this file will be skipped during a backup. 


Criteria 


Full path 

Specify the full path to the file or folder, starting with the drive letter (when backing up Windows) 
or the root directory (when backing up Linux or macOS). 

Both in Windows and Linux/macOS, you can use a forward slash in the file or folder path (as in 
C:/Temp/File.tmp). In Windows, you can also use the traditional backslash (as in 
C:\Temp\File.tmp). 

Name 

Specify the name of the file or folder, such as Document.txt. All files and folders with that name 
will be selected. 


The criteria are not case-sensitive. For example, by specifying C:\Temp, you will also select C:\TEMP, 
C:\temp, and so on. 


You can use one or more wildcard characters (*, **, and ?) in the criterion. These characters can be 
used both within the full path and in the file or folder name. 


The asterisk (*) substitutes for zero or more characters in a file name. For example, the criterion 
Doc*.txt matches files such as Doc.txt and Document.txt 


[Only for backups in the Version 12 format] The double asterisk (**) substitutes for zero or more 
characters in a file name and path, including the slash character. For example, the criterion 
**/Docs/**.txt matches all txt files in all subfolders of all folders Docs. 


The question mark (?) substitutes for exactly one character in a file name. For example, the criterion 
Doc?.txt matches files such as Doc1.txt and Docs.txt, but not the files Doc.txt or Doc11.txt 


Exclude hidden files and folders 


Select this check box to skip files and folders that have the Hidden attribute (for file systems that are 
supported by Windows) or that start with a period (.) (for file systems in Linux, such as Ext2 and 
Ext3). If a folder is hidden, all of its contents (including files that are not hidden) will be excluded. 


Exclude system files and folders 


This option is effective only for file systems that are supported by Windows. Select this check box to 
skip files and folders with the System attribute. If a folder has the System attribute, all of its 
contents (including files that do not have the System attribute) will be excluded. 


Note 
You can view file or folder attributes in the file/folder properties or by using the attrib command. For 
more information, refer to the Help and Support Center in Windows. 


5.11.15 File-level backup snapshot 
This option is effective only for file-level backup. 


This option defines whether to back up files one by one or by taking an instant data snapshot. 


Note 
Files that are stored on network shares are always backed up one by one. 


The preset is: 


e If only machines running Linux are selected for backup: Do not create a snapshot. 


e Otherwise: Create snapshot if it is possible. 
You can select one of the following: 


e Create a snapshot if it is possible 
Back up files directly if taking a snapshot is not possible. 

- Always create a snapshot 
The snapshot enables backing up of all files including files opened for exclusive access. The files will 
be backed up at the same point in time. Choose this setting only if these factors are critical, that is, 
backing up files without a snapshot does not make sense. If a snapshot cannot be taken, the 
backup will fail. 


- Do not create a snapshot 


Always back up files directly. Trying to back up files that are opened for exclusive access will result 
in a read error. Files in the backup may be not time-consistent. 


5.11.16 Log truncation 


This option is effective for backup of Microsoft SQL Server databases and for disk-level backup with 
enabled Microsoft SQL Server application backup. 


This option defines whether the SQL Server transaction logs are truncated after a successful backup. 
The preset is: Enabled. 


When this option is enabled, a database can be recovered only to a point in time of a backup created 
by this software. Disable this option if you back up transaction logs by using the native backup 
engine of Microsoft SQL Server. You will be able to apply the transaction logs after a recovery and 
thus recover a database to any point in time. 


5.11.17 LVM snapshotting 
This option is effective only for physical machines. 


This option is effective for disk-level backup of volumes managed by Linux Logical Volume Manager 
(LVM). Such volumes are also called logical volumes. 


This option defines how a snapshot of a logical volume is taken. The backup software can do this on 
its own or rely on Linux Logical Volume Manager (LVM). 


The preset is: By the backup software. 


- By the backup software. The snapshot data is kept mostly in RAM. The backup is faster and 
unallocated space on the volume group is not required. Therefore, we recommend changing the 
preset only if you are experiencing problems with backing up logical volumes. 

e By LVM. The snapshot is stored on unallocated space of the volume group. If the unallocated 
space is missing, the snapshot will be taken by the backup software. 


5.11.18 Mount points 


This option is effective only in Windows for a file-level backup of a data source that includes mounted 
volumes or cluster shared volumes. 


This option is effective only when you select for backup a folder that is higher in the folder hierarchy 
than the mount point. (A mount point is a folder on which an additional volume is logically attached.) 


e If such folder (a parent folder) is selected for backup, and the Mount points option is enabled, all 
files located on the mounted volume will be included in the backup. If the Mount points option is 
disabled, the mount point in the backup will be empty. 

During recovery of a parent folder, the mount point content will or will not be recovered, 
depending on whether the Mount points option for recovery is enabled or disabled. 


e If you select the mount point directly, or select any folder within the mounted volume, the selected 
folders will be considered as ordinary folders. They will be backed up regardless of the state of the 
Mount points option and recovered regardless of the state of the Mount points option for 
recovery. 


The preset is: Disabled. 


Note 

You can back up Hyper-V virtual machines residing on a cluster shared volume by backing up the 
required files or the entire volume with file-level backup. Just power off the virtual machines to be 
sure that they are backed up in a consistent state. 


Example 


Let's assume that the C:\Data1\ folder is a mount point for the mounted volume. The volume 
contains folders Folder1 and Folder2. You create a protection plan for file-level backup of your data. 


If you select the check box for volume C and enable the Mount points option, the C:\Data1\ folder 
in your backup will contain Folder1 and Folder2. When recovering the backed-up data, be aware of 
proper using the Mount points option for recovery. 


If you select the check box for volume C, and disable the Mount points option, the C:\Data1\ folder 
in your backup will be empty. 


If you select the check box for the Data1, Folder1 or Folder2 folder, the checked folders will be 
included in the backup as ordinary folders, regardless of the state of the Mount points option. 


5.11.19 Multi-volume snapshot 
This option is effective for backups of physical machines running Windows or Linux. 


This option applies to disk-level backup. This option also applies to file-level backup when the file-level 
backup is performed by taking a snapshot. (The "File-level backup snapshot" option determines 
whether a snapshot is taken during file-level backup). 


This option determines whether to take snapshots of multiple volumes at the same time or one by 
one. 


The preset is: 


e If at least one machine running Windows is selected for backup: Enabled. 

e If no machines are selected (this is the case when you start creating a backup plan from the Plans 
> Backup page): Enabled. 

e Otherwise: Disabled. 


When this option is enabled, snapshots of all volumes being backed up are created simultaneously. 
Use this option to create a time-consistent backup of data spanning multiple volumes; for instance, 
for an Oracle database. 


When this option is disabled, the volumes' snapshots are taken one after the other. As a result, if the 
data spans several volumes, the resulting backup may be not consistent. 


5.11.20 Performance and backup window 


This option enables you to set one of three levels of backup performance (high, low, prohibited) for 
every hour within a week. This way, you can define a time window when backups are allowed to start 
and run. The high and low performance levels are configurable in terms of the process priority and 
output speed. 


This option is not available for backups executed by the cloud agents, such as website backups or 
backups of servers located on the cloud recovery site. 


You can configure this option separately for each location specified in the backup plan. To configure 
this option for a replication location, click the gear icon next to the location name, and then click 
Performance and backup window. 


This option is effective only for the backup and backup replication processes. Post-backup 
commands and other operations included in a backup plan (validation, conversion to a virtual 
machine) will run regardless of this option. 


The preset is: Disabled. 


When this option is disabled, backups are allowed to run at any time, with the following parameters 
(no matter if the parameters were changed against the preset value): 


e CPU priority: Low (in Windows, corresponds to Below normal). 


e Output speed: Unlimited. 


When this option is enabled, scheduled backups are allowed or blocked according to the performance 
parameters specified for the current hour. At the beginning of an hour when backups are blocked, a 
backup process is automatically stopped and an alert is generated. 


Even if scheduled backups are blocked, a backup can be started manually. It will use the performance 
parameters of the most recent hour when backups were allowed. 


Backup window 


Each rectangle represents an hour within a week day. Click a rectangle to cycle through the following 
states: 


e Green: backup is allowed with the parameters specified in the green section below. 

e Blue: backup is allowed with the parameters specified in the blue section below. 
This state is not available if the backup format is set to Version 11. 

e Gray: backup is blocked. 


You can click and drag to change the state of multiple rectangles simultaneously. 


Performance and backup window settings 
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CPU priority 


This parameter defines the priority of the backup process in the operating system. 


The available settings are: Low, Normal, High. 
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The priority of a process running in a system determines the amount of CPU and system resources 
allocated to that process. Decreasing the backup priority will free more resources for other 
applications. Increasing the backup priority might speed up the backup process by requesting the 
operating system to allocate more resources like the CPU to the backup application. However, the 
resulting effect will depend on the overall CPU usage and other factors like disk in/out speed or 
network traffic. 


This option sets the priority of the backup process (service_process.exe) in Windows and the 
niceness of the backup process (service_process) in Linux and OS X. 


{^ Task Manager 


File Options View 
Processes Performance Apphistory Start-up Users Details Services 


A 


Name PID Status Username CPU Mem 
[E] services.exe 580 Running SYSTEM 00 


z End task 
[E] ShellExperience 
End process tree 


[m] sihost.exe 

E Spe ost ece  Setpriority  Reaitime 

re) smss.exe Set affinity High 

a spoolsv.exe ay i 
M svchost.exe Analyse wait chain kiea 
[m=] svchost.exe UAC virtualisation Normal 

[=| svchost.exe Create dump file is Below normal 
[=] svchost.exe 


d svchost.exe Open file location 


[m] svchost.exe Search online 
[E] svchost.exe Properties 
[E] svchost.exe Go to service(s) 


Output speed during backup 

This parameter enables you to limit the hard drive writing speed (when backing up to a local folder) or 
the speed of transferring the backup data through the network (when backing up to a network share 
or to cloud storage). 


When this option is enabled, you can specify the maximum allowed output speed: 


e As a percentage of the estimated writing speed of the destination hard disk (when backing up to a 
local folder) or of the estimated maximum speed of the network connection (when backing up to a 
network share or cloud storage). 

This setting works only if the agent is running in Windows. 

In KB/second (for all destinations). 
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5.11.21 Physical Data Shipping 


This option is effective if the backup destination is the cloud storage and the backup format is set to 
Version 12. 


This option is effective for disk-level backups and file backups created by Agent for Windows, Agent 
for Linux, Agent for Mac, Agent for VMware, and Agent for Hyper-V. Backups created under bootable 
media are not supported. 


This option determines whether the first full backup created by the protection plan will be sent to the 
cloud storage on a hard disk drive by using the Physical Data Shipping service. The subsequent 
incremental backups can be performed over the network. 


The preset is: Disabled. 


About the Physical Data Shipping service 


The Physical Data Shipping service web interface is available only to organization administrators in 
on-premises deployments and administrators in cloud deployments. 


For detailed instructions about using the Physical Data Shipping service and the order creation tool, 
refer to the Physical Data Shipping Administrator's Guide. To access this document in the Physical 
Data Shipping service web interface, click the question mark icon. 


Overview of the physical data shipping process 


1. Create a new protection plan. In this plan, enable the Physical Data Shipping backup option. 
You can back up directly to the drive or back up to a local or a network folder, and then 
copy/move the backup(s) to the drive. 


Important 

Once the initial full backup is done, the subsequent backups must be performed by the same 
protection plan. Another protection plan, even with the same parameters and for the same 
machine, will require another Physical Data Shipping cycle. 


2. After the first backup is complete, use the Physical Data Shipping service web interface to 
download the order creation tool and create the order. 


To access this web interface, do one of the following: 
e In on-premises deployments: log in to your Acronis account, and then click Go to Tracking 
Console under Physical Data Shipping. 
e In cloud deployments: log in to the management portal, click Overview > Usage, and then 
click Manage service under Physical Data Shipping. 
3. Package the drives and ship them to the data center. 


Important 
Ensure that you follow the packaging instructions provided in the Physical Data Shipping 
Administrator's Guide. 


4. Track the order status by using the Physical Data Shipping service web interface. Note that the 
subsequent backups will fail until the initial backup is uploaded to the cloud storage. 


5.11.22 Pre/Post commands 


The option enables you to define the commands to be automatically executed before and after the 
backup procedure. 


The following scheme illustrates when pre/post commands are executed. 


Pre-backup Post-backup 


command command 


Examples of how you can use the pre/post commands: 


e Delete some temporary files from the disk before starting backup. 

e Configure a third-party antivirus product to be started each time before the backup starts. 

e Selectively copy backups to another location. This option may be useful because the replication 
configured in a backup plan copies every backup to subsequent locations. 


The agent performs the replication after executing the post-backup command. 


The program does not support interactive commands, i.e. commands that require user input (for 
example, pause’). 


Pre-backup command 
To specify a command/batch file to be executed before the backup process starts 


1. Enable the Execute a command before the backup switch. 

2. Inthe Command... field, type a command or browse to a batch file. The program does not 
support interactive commands, i.e. commands that require user input (for example, "pause".) 

3. Inthe Working directory field, specify a path to a directory where the command/batch file will 
be executed. 

4. Inthe Arguments field specify the command's execution arguments, if required. 
Depending on the result you want to obtain, select the appropriate options as described in the 


table below. 
6. Click Done. 
Selection 
Fail the backup if the Selected Cleared Selected Cleared 


command execution 


fails* 


Do not back up until Selected Selected Cleared Cleared 
the command 
execution is complete 


Result 
Preset Perform the N/A Perform the 
Perform the backup after the backup 
backup only after command is concurrently with 
the command is executed despite the command 
successfully execution failure or execution and 
executed. Fail the success. irrespective of the 
backup if the command 
command execution result. 


execution fails. 


* A command is considered failed if its exit code is not equal to zero. 


Post-backup command 
To specify a command/executable file to be executed after the backup is completed 


1. Enable the Execute a command after the backup switch. 

2. Inthe Command... field, type a command or browse to a batch file. 

3. Inthe Working directory field, specify a path to a directory where the command/batch file will 
be executed. 

4. Inthe Arguments field, specify the command execution arguments, if required. 
Select the Fail the backup if the command execution fails check box if successful execution 
of the command is critical for you. The command is considered failed if its exit code is not equal to 
zero. If the command execution fails, the backup status will be set to Error. 
When the check box is not selected, the command execution result does not affect the backup 
failure or success. You can track the command execution result by exploring the Activities tab. 

6. Click Done. 


5.11.23 Pre/Post data capture commands 


The option enables you to define the commands to be automatically executed before and after data 
capture (that is, taking the data snapshot). Data capture is performed at the beginning of the backup 
procedure. 


The following scheme illustrates when the pre/post data capture commands are executed. 


Pre-backup Pre-data Data capture Post-data Post-backup 
command capture capture command 


If the Volume Shadow Copy Service option is enabled, the commands' execution and the Microsoft 
VSS actions will be sequenced as follows: 


"Before data capture” commands -> VSS Suspend -> Data capture -> VSS Resume -> "After data 


capture" commands. 


By using the pre/post data capture commands, you can suspend and resume a database or 
application that is not compatible with VSS. Because the data capture takes seconds, the database or 
application idle time will be minimal. 


Pre-data capture command 
To specify a command/batch file to be executed before data capture 


1. Enable the Execute a command before the data capture switch. 

2. Inthe Command... field, type a command or browse to a batch file. The program does not 
support interactive commands, i.e. commands that require user input (for example, "pause".) 

3. Inthe Working directory field, specify a path to a directory where the command/batch file will 
be executed. 

4. Inthe Arguments field specify the command's execution arguments, if required. 
Depending on the result you want to obtain, select the appropriate options as described in the 
table below. 


6. Click Done. 
Check box Selection 
Fail the backup if the Selected Cleared Selected Cleared 
command execution 
fails* 
Do not perform the Selected Selected Cleared Cleared 


data capture until the 
command execution is 


complete 
Result 

Preset Perform the data Perform the data 
Perform the data capture after the capture 
capture only after | command is concurrently with 
the command is executed despite the command and 
successfully execution failure or irrespective of the 
executed. Fail the SUCCESS. command 
backup if the execution result. 


command 
execution fails. 


* A command is considered failed if its exit code is not equal to zero. 


Post-data capture command 


To specify a command/batch file to be executed after data capture 


1. Enable the Execute a command after the data capture switch. 


2. Inthe Command... field, type a command or browse to a batch file. The program does not 
support interactive commands, i.e. commands that require user input (for example, "pause".) 


3. Inthe Working directory field, specify a path to a directory where the command/batch file will 


be executed. 


4. Inthe Arguments field specify the command's execution arguments, if required. 


Depending on the result you want to obtain, select the appropriate options as described in the 


table below. 
6. Click Done. 
Check box Selection 
Fail the backup if Selected Cleared Selected 


the command 
execution fails* 


Do not back up Selected Selected Cleared 
until the 

command 

execution is 


complete 
Result 

Preset Continue the backup | N/A 
Continue the backup | after the command 
only after the is executed despite 
command is command execution 
successfully failure or success. 
executed. 


* A command is considered failed if its exit code is not equal to zero. 


5.11.24 SAN hardware snapshots 
This option is effective for backups of VMware ESXi virtual machines. 


The preset is: Disabled. 


Cleared 


Cleared 


Continue the backup 
concurrently with the 
command execution 
and irrespective of 
the command 
execution result. 


This option determines whether to use the SAN snapshots when performing a backup. 


If this option is disabled, the virtual disk content will be read from a VMware snapshot. The snapshot 


will be kept for the whole duration of the backup. 


If this option is enabled, the virtual disk content will be read from a SAN snapshot. A VMware 
snapshot will be created and kept briefly, to bring the virtual disks into a consistent state. If reading 
from a SAN snapshot is not possible, the backup will fail. 


Prior to enabling this option, please check and carry out the requirements listed in "Using SAN 
hardware snapshots". 


5.11.25 Scheduling 


This option defines whether backups start as scheduled or with a delay, and how many virtual 
machines are backed up simultaneously. 


The preset is: 


e On-premises deployment: Start all backups exactly as scheduled. 


e Cloud deployment: Distribute backup start times within a time window. Maximum delay: 
30 minutes. 


You can select one of the following: 


e Start all backups exactly as scheduled 
Backups of physical machines will start exactly as scheduled. Virtual machines will be backed up 
one by one. 

- Distribute start times within a time window 
Backups of physical machines will start with a delay from the scheduled time. The delay value for 
each machine is selected randomly and ranges from zero to the maximum value you specify. You 
may want to use this setting when backing up multiple machines to a network location, to avoid 
excessive network load. The delay value for each machine is determined when the backup plan is 
applied to the machine and remains the same until you edit the backup plan and change the 
maximum delay value. 
Virtual machines will be backed up one by one. 

e Limit the number of simultaneously running backups by 
This option is available only when a backup plan is applied to multiple virtual machines. This option 
defines how many virtual machines an agent can back up simultaneously when executing the given 
backup plan. 
If, according to the backup plan, an agent has to start backing up multiple machines at once, it will 
choose two machines. (To optimize the backup performance, the agent tries to match machines 
stored on different storages.) Once any of the two backups is completed, the agent chooses the 
third machine and so on. 
You can change the number of virtual machines for an agent to simultaneously back up. The 
maximum value is 10. However, if the agent executes multiple backup plans that overlap in time, 
the numbers specified in their options are added up. You can limit the total number of virtual 
machines that an agent can back up simultaneously, no matter how many backup plans are 
running. 
Backups of physical machines will start exactly as scheduled. 


5.11.26 Sector-by-sector backup 

The option is effective only for disk-level backup. 

This option defines whether an exact copy of a disk or volume on a physical level is created. 
The preset is: Disabled. 


If this option is enabled, all disk or volume's sectors will be backed up, including unallocated space 
and those sectors that are free of data. The resulting backup will be equal in size to the disk being 
backed up (if the "Compression level" option is set to None). The software automatically switches to 
the sector-by-sector mode when backing up drives with unrecognized or unsupported file systems. 


Note 
It will be impossible to perform a recovery of application data from the backups which were created 
in the sector-by-sector mode. 


5.11.27 Splitting 


This option is effective for the Always full; Weekly full, Daily incremental; Monthly full, 
Weekly differential, Daily incremental (GFS), and Custom backup schemes. 


This option enables you to select the method of splitting of large backups into smaller files. 
The preset is: Automatic. 
The following settings are available: 


« Automatic 
A backup will be split if it exceeds the maximum file size supported by the file system. 
e Fixed size 


Enter the desired file size or select it from the drop-down list. 


5.11.28 Tape management 


These options are effective when the backup destination is a tape device. 


Enable file recovery from disk backups stored on tapes 
The preset is: Disabled. 


If this check box is selected, at each backup, the software creates supplementary files on a hard disk 
of the machine where the tape device is attached. File recovery from disk backups is possible as long 
as these supplementary files are intact. The files are deleted automatically when the tape storing the 
respective backups is erased, removed or overwritten. 


The supplementary files' locations are as follows: 


e In Windows XP and Server 2003: %ALLUSERSPROFILE%\ Application 
Data\Acronis\BackupAndRecovery\TapeLocation. 


e In Windows Vista and later versions of Windows: 
%PROGRAMDATA%\Acronis\BackupAndRecovery\TapeLocation. 


e In Linux: /var/lib/Acronis/BackupAndRecovery/TapeLocation. 


The space occupied by these supplementary files depends on the number of files in the respective 
backup. For a full backup of a disk containing approximately 20,000 files (the typical workstation disk 
backup), the supplementary files occupy around 150 MB. A full backup of a server containing 
250,000 files may produce around 700 MB of supplementary files. So if you are certain that you will 
not need to recover individual files, you can leave the check box cleared to save the disk space. 


If the supplementary files were not created during backup, or have been deleted, you still can create 
them by rescanning the tapes where the backup is stored. 


Move a tape back to the slot after each successful backup of each machine 
The preset is: Enabled. 


If you disable this option, a tape will remain in the drive after an operation using the tape is 
completed. Otherwise, the software will move the tape back to the slot where it was before the 
operation. If, according to the backup plan, other operations follow the backup (such as the backup 
validation or replication to another location), the tape will be moved back to the slot after completion 
of these operations. 


If both this option and the Eject tapes after each successful backup of each machine option 
are enabled, the tape will be ejected. 


Eject tapes after each successful backup of each machine 
The preset is: Disabled. 


When this check box is selected, the software will eject tapes after any successful backup of each 
machine. If, according to the backup plan, other operations follow the backup (such as the backup 
validation or replication to another location), the tapes will be ejected after completion of these 
operations. 


Overwrite a tape in the stand-alone tape drive when creating a full backup 
The preset is: Disabled. 


The option applies only to stand-alone tape drives. When this option is enabled, a tape inserted into a 
drive will be overwritten every time a full backup is created. 


Use the following tape devices and drives 


This option enables you to specify tape devices and tape drives to be used by the backup plan. 


A tape pool contains tapes from all tape devices attached to a machine, be it a storage node ora 
machine where a backup agent is installed, or both. When you select a tape pool as a backup location, 
you indirectly select the machine to which the tape device(s) are attached. By default, backups can be 
written to tapes through any tape drive on any tape device attached to that machine. If some of the 
devices or drives are missing or not operational, the backup plan will use those that are available. 


You can click Only selected devices and drives, and then choose tape devices and drives from the 
list. By selecting an entire device, you select all of its drives. This means that any of these drives can 
be used by the backup plan. If the selected device or drive is missing or is not operational, and no 
other devices are selected, the backup will fail. 


By using this option, you can control backups performed by multiple agents to a large tape library 
with multiple drives. For example, a backup of a large file server or file share may not start if multiple 
agents back up their machines during the same backup window, because the agents occupy all of the 
drives. If you allow the agents to use, say, drives 2 and 3, drive 1 becomes reserved for the agent that 
backs up the share. 


Use tape sets within the tape pool selected for backup 


The preset is: Disabled. 
Tapes within one pool can be grouped into so-called tape sets. 


If you leave this option disabled, data will be backed up on all tapes belonging to a pool. If the option 
is enabled, you can separate backups according to the predefined or custom rules. 


Use a separate tape set for each (choose a rule: Backup type, Device type, Device name, 
Day in month, Day of week, Month of year, Year, Date) 

If this variant is selected, you can organize tape sets according to a predefined rule. For example, 
you can have separate tape sets for each day of the week or store backups of each machine ona 
separate tape set. 


Specify a custom rule for tape sets 


If this variant is selected, specify your own rule to organize tape sets. The rule can contain the 
following variables: 


Variable Variable Available values 
syntax description 


[Resource Backups of each Names of the machines registered on the management server. 


Name] machine will be 
stored on a 
separate tape set. 


[Backup Full, incremental, full, inc, diff 
Type] and differential 

backups will be 

stored on 

separate tape 


[Resource Backups of Server essentials, Server, Workstation, Physical machine, VMware 
Type] machines of each | Virtual Machine, Virtual-PC Virtual Machine, Virtual Server Virtual 
type will be stored | Machine, Hyper-V Virtual Machine, Parallels Virtual Machine, XEN 
ona separate tape | Virtual Machine, KVM Virtual Machine, RHEV Virtual Machine, 
set. Parallels Cloud Virtual Machine 


[Day] Backups created 01, 02, 03, ..., 31 
on each day of the 
month will be 
storedona 
separate tape set. 


[Weekday] Backups created Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday 
on each day of the 
week will be 
stored on a 
separate tape set. 
[Month] Backups created January, February, March, April, May, June, July, August, September, 
during each month | October, November, December 
of the year will be 
stored on a 
separate tape set. 
[Year] Backups created 2017, 2018, ... 
during each year 
will be stored ona 
separate tape set. 


e For example, if you specify the rule as [Resource Name ]-[Backup Type], you will have a separate 


tape set for each full, incremental, and differential backup of each machine to which the backup 
plan is applied. 


You can also specify tape sets for individual tapes. In this case, the software will first write backups on 
tapes whose tape set value coincides with the value of the expression specified in the backup plan. 
Then, if necessary, other tapes from the same pool will be taken. After that, if the pool is 
replenishable, tapes from the Free tapes pool will be used. 


For example, if you specify tape set Monday for Tape 1, Tuesday for Tape 2, etc. and specify [Weekday ] 
in the backup options, the corresponding tape will be used on the respective day of the week. 


5.11.29 Task failure handling 


This option determines the program behavior when a scheduled execution of a backup plan fails. This 
option is not effective when a backup plan is started manually. 


If this option is enabled, the program will try to execute the backup plan again. You can specify the 
number of attempts and the time interval between the attempts. The program stops trying as soon 


as an attempt completes successfully OR the specified number of attempts is performed, depending 
on which comes first. 


The preset is: Disabled. 


5.11.30 Volume Shadow Copy Service (VSS) 


This option is effective only for Windows operating systems. 


The option defines whether a Volume Shadow Copy Service (VSS) provider has to notify VSS-aware 
applications that the backup is about to start. This ensures the consistent state of all data used by the 
applications; in particular, completion of all database transactions at the moment of taking the data 
snapshot by the backup software. Data consistency, in turn, ensures that the application will be 
recovered in the correct state and become operational immediately after recovery. 


The preset is: Enabled. Automatically select snapshot provider. 
You can select one of the following: 


« Automatically select snapshot provider 
Automatically select among the hardware snapshot provider, software snapshot providers, and 
Microsoft Software Shadow Copy provider. 

e Use Microsoft Software Shadow Copy provider 
We recommend choosing this option when backing up application servers (Microsoft Exchange 
Server, Microsoft SQL Server, Microsoft SharePoint, or Active Directory). 


Disable this option if your database is incompatible with VSS. Snapshots are taken faster, but data 
consistency of the applications whose transactions are not completed at the time of taking a 
snapshot cannot be guaranteed. You may use Pre/Post data capture commands to ensure that the 
data is backed up in a consistent state. For instance, specify pre-data capture commands that will 
suspend the database and flush all caches to ensure that all transactions are completed; and specify 
post-data capture commands that will resume the database operations after the snapshot is taken. 


Note 

If this option is enabled, files and folders that are specified in the HKEY_LOCAL_ 
MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot registry 
key are not backed up. In particular, offline Outlook Data Files (.ost) are not backed up because they 
are specified in the OutlookOST value of this key. 


Enable VSS full backup 


If this option is enabled, logs of Microsoft Exchange Server and of other VSS-aware applications 
(except for Microsoft SQL Server) will be truncated after each successful full, incremental or 
differential disk-level backup. 


The preset is: Disabled. 


Leave this option disabled in the following cases: 


e If you use Agent for Exchange or third-party software for backing up the Exchange Server data. 
This is because the log truncation will interfere with the consecutive transaction log backups. 

e If you use third-party software for backing up the SQL Server data. The reason for this is that the 
third-party software will take the resulting disk-level backup for its "own" full backup. As a result, 
the next differential backup of the SQL Server data will fail. The backups will continue failing until 
the third-party software creates the next "own" full backup. 

e If other VSS-aware applications are running on the machine and you need to keep their logs for 
any reason. 


Enabling this option does not result in the truncation of Microsoft SQL Server logs. To truncate the 
SQL Server log after a backup, enable the Log truncation backup option. 


5.11.31 Volume Shadow Copy Service (VSS) for virtual machines 


This option defines whether quiesced snapshots of virtual machines are taken. To take a quiesced 
snapshot, the backup software applies VSS inside a virtual machine by using VMware Tools, Hyper-V 
Integration Services, or Virtuozzo Guest Tools. 


The preset is: Enabled. 


If this option is enabled, transactions of all VSS-aware applications running in a virtual machine are 
completed before taking snapshot. If a quiesced snapshot fails after the number of re-attempts 
specified in the "Error handling" option, and application backup is disabled, a non-quiesced snapshot 
is taken. If application backup is enabled, the backup fails. 


If this option is disabled, a non-quiesced snapshot is taken. The virtual machine will be backed up in a 
crash-consistent state. 


5.11.32 Weekly backup 


This option determines which backups are considered "weekly" in retention rules and backup 
schemes. A "weekly" backup is the first backup created after a week starts. 


The preset is: Monday. 


5.11.33 Windows event log 
This option is effective only in Windows operating systems. 


This option defines whether the agents have to log events of the backup operations in the 
Application Event Log of Windows (to see this log, run eventvwr.exe or select Control Panel > 
Administrative tools > Event Viewer). You can filter the events to be logged. 


The preset is: Disabled. 


6 Recovery 


6.1 Recovery cheat sheet 


The following table summarizes the available recovery methods. Use the table to choose a recovery 
method that best fits your need. 


What to recover Recovery method 


Physical machine (Windows or Linux) Using the web interface 


Using bootable media 


Physical machine (Mac) Using bootable media 


Virtual machine (VMware or Hyper-V) Using the web interface 


Using bootable media 


ESXi configuration Using bootable media 


Files/Folders Using the web interface 
Downloading files from the cloud storage 
Using bootable media 


Extracting files from local backups 


Note for Mac users 


e Starting with 10.11 El Capitan, certain system files, folders, and processes are flagged for 
protection with an extended file attribute com.apple.rootless. This feature is called System 
Integrity Protection (SIP). The protected files include preinstalled applications and most of the 
folders in /system, /bin, /sbin, /usr. 

The protected files and folders cannot be overwritten during a recovery under the operating 
system. If you need to overwrite the protected files, perform the recovery under bootable media. 

e Starting with macOS Sierra 10.12, rarely used files can be moved to iCloud by the Store in Cloud 
feature. Small footprints of these files are kept on the file system. These footprints are backed up 
instead of the original files. 


When you recover a footprint to the original location, it is synchronized with iCloud and the original 
file becomes available. When you recover a footprint to a different location, it cannot be 
synchronized and the original file will be unavailable. 


6.2 Creating bootable media 


Bootable media is a CD, DVD, USB flash drive, or other removable media that enables you to run the 
agent without the help of an operating system. The main purpose of bootable media is to recover an 
operating system that cannot start. 


We highly recommend that you create and test a bootable media as soon as you start using disk-level 
backup. Also, it is a good practice to re-create the media after each major update of the backup agent. 


You can recover either Windows or Linux by using the same media. To recover macOS, create a 
separate media on a machine running macOS. 


To create bootable media in Windows or Linux 

1. Download the bootable media ISO file. To download the file, click the account icon in the top-right 
corner > Downloads > Bootable media. 

2. Do any of the following: 
e Burn a CD/DVD using the ISO file. 


e Create a bootable USB flash drive by using the ISO file and one of the free tools available 
online. 


Use ISO to USB or RUFUS if you need to boot an UEFI machine, Win32DiskImager for a BIOS 
machine. In Linux, using the dd utility makes sense. 


e Connect the ISO file as a CD/DVD drive to the virtual machine that you want to recover. 
Alternatively, you can create bootable media by using Bootable Media Builder. 
To create bootable media in macOS 


1. On a machine where Agent for Mac is installed, click Applications > Rescue Media Builder. 


2. The software displays the connected removable media. Select the one that you want to make 
bootable. 


Warning! 
All data on the disk will be erased. 


Click Create. 


4. Wait while the software creates the bootable media. 


6.3 Recovering a machine 


6.3.1 Physical machine 


This section describes recovery of physical machines by using the web interface. 


Use bootable media instead of the web interface if you need to recover: 


e macOS 


e Any operating system to bare metal or to an offline machine 


e The structure of logical volumes (volumes created by Logical Volume Manager in Linux). The media 


enables you to recreate the logical volume structure automatically. 


Recovery of an operating system requires a reboot. You can choose whether to restart the machine 
automatically or assign it the Interaction required status. The recovered operating system goes 


online automatically. 


To recover a physical machine 


1. 
2. 
3. 


Select the backed-up machine. 

Click Recovery. 

Select a recovery point. Note that recovery points are filtered by location. 

If the machine is offline, the recovery points are not displayed. Do any of the following: 

e If the backup location is cloud or shared storage (i.e. other agents can access it), click Select 
machine, select a target machine that is online, and then select a recovery point. 

e Select a recovery point on the Backups tab. 

e Recover the machine as described in "Recovering disks by using bootable media". 

Click Recover > Entire machine. 

The software automatically maps the disks from the backup to the disks of the target machine. 

To recover to another physical machine, click Target machine, and then select a target machine 

that is online. 


X Recover machine © 


Physical machine v 


ssd-win2016 


Disk 1 — Disk 1 
Disk 2 — Disk 2 
Disk 3 — Disk 3 


@_) off © 


START RECOVERY $03 RECOVERY OPTIONS 
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5. If you are unsatisfied with the mapping result or if the disk mapping fails, click Disk mapping to 
re-map the disks manually. 
The mapping section also enables you to choose individual disks or volumes for recovery. You can 
switch between recovering disks and volumes by using the Switch to... link in the top-right 


corner. 
X Disk mapping Switch to volume mapping 
| 
Backup Target machine 
vo m Diski fee Diski Change 
= = 
=a = 
auto v 
vi Æ Disk2 a Disk2 Change 
i fe] 


auto v 


6. Click Start recovery. 
7. Confirm that you want to overwrite the disks with their backed-up versions. Choose whether to 


restart the machine automatically. 
The recovery progress is shown on the Activities tab. 


6.3.2 Physical machine to virtual 


This section describes recovery of a physical machine as a virtual machine by using the web interface. 
This operation can be performed if at least one Agent for VMware or Agent for Hyper-V is installed 
and registered. 


For more information about P2V migration, refer to "Machine migration". 
To recover a physical machine as a virtual machine 


1. Select the backed-up machine. 
2. Click Recovery. 
3. Select a recovery point. Note that recovery points are filtered by location. 
If the machine is offline, the recovery points are not displayed. Do any of the following: 


e If the backup location is cloud or shared storage (i.e. other agents can access it), click Select 
machine, select a machine that is online, and then select a recovery point. 


e Select a recovery point on the Backups tab. 

e Recover the machine as described in "Recovering disks by using bootable media". 

Click Recover > Entire machine. 

In Recover to, select Virtual machine. 

Click Target machine. 

a. Select the hypervisor (VMware ESXi or Hyper-V). 
At least one Agent for VMware or Agent for Hyper-V must be installed. 

b. Select whether to recover to a new or existing machine. The new machine option is preferable 
as it does not require the disk configuration of the target machine to exactly match the disk 
configuration in the backup. 


c. Select the host and specify the new machine name, or select an existing target machine. 

d. Click OK. 

[Optional] When recovering to a new machine, you can also do the following: 

e Click Datastore for ESXi or Path for Hyper-V, and then select the datastore (storage) for the 
virtual machine. 

e Click Disk mapping to select the datastore (storage), interface, and provisioning mode for each 
virtual disk. The mapping section also enables you to choose individual disks for recovery. 

e Click VM settings to change the memory size, the number of processors, and the network 
connections of the virtual machine. 


RECOVER TO 
Virtual machine 


TARGET MACHINE 
New machine on 10.250.22.17| New 


DATASTORE 
datastore’ (1) 


DISK MAPPING 


Disk 1 — datastore1 (1), 50.0 GB 
Disk 2 — datastore1 (1), 50.0 GB 


VM SETTINGS 


Memory: 2.00 GB 
Virtual processors: 2 
Network adapters: 2 
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8. Click Start recovery. 


9. When recovering to an existing virtual machine, confirm that you want to overwrite the disks. 
The recovery progress is shown on the Activities tab. 


6.3.3 Virtual machine 


Avirtual machine must be stopped during the recovery to this machine. The software stops the 
machine without a prompt. When the recovery is completed, you have to start the machine 
manually. 


This behavior can be changed by using the VM power management recovery option (click Recovery 
options > VM power management). 


To recover a virtual machine 


1. Do one of the following: 
e Select a backed-up machine, click Recovery, and then select a recovery point. 
e Select arecovery point on the Backups tab. 

2. Click Recover > Entire machine. 


3. If you want to recover to a physical machine, select Physical machine in Recover to. Otherwise, 
skip this step. 
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Recovery to a physical machine is possible only if the disk configuration of the target machine 


exactly matches the disk configuration in the backup. 


If this is the case, continue to step 4 in "Physical machine". Otherwise, we recommend that you 
perform the V2P migration by using bootable media. 


The software automatically selects the original machine as the target machine. 


To recover to another virtual machine, click Target machine, and then do the following: 


a. 
b. 
Č: 
d. 
[Optional] When recovering to a new machine, you can also do the following: 
Click Datastore for ESXi or Path for Hyper-V, and then select the datastore (storage) for the 
virtual machine. 


Select the hypervisor (VMware ESXi or Hyper-V). 
Select whether to recover to a new or existing machine. 


Select the host and specify the new machine name, or select an existing target machine. 


Click OK. 


Click Disk mapping to select the datastore (storage), interface, and provisioning mode for each 
virtual disk. The mapping section also enables you to choose individual disks for recovery. 

Click VM settings to change the memory size, the number of processors, and the network 
connections of the virtual machine. 


RECOVER TO 
Virtual machine 


TARGET MACHINE 
New machine on 10.250.22.17 New 


DATASTORE 
datastore’ (1) 


DISK MAPPING 


Disk 1 — datastore1 (1), 50.0 GB 
Disk 2 — datastore1 (1), 50.0 GB 


VM SETTINGS 


Memory: 2.00 GB 
Virtual processors: 2 
Network adapters: 2 


START RECOVERY £03 RECOVERY OPTIONS 


6. Click Start recovery. 
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7. 


When recovering to an existing virtual machine, confirm that you want to overwrite the disks. 


The recovery progress is shown on the Activities tab. 


6.3.4 Recovering disks by using bootable media 


For information about how to create bootable media, refer to "Creating bootable media". 


To recover disks by using bootable media 


1. 
2. 


10. 


Boot the target machine by using bootable media. 
[For macOS only] If you are recovering APFS-formatted volumes to a non-original machine or to 
bare metal, re-create the original disk configuration manually: 


a. Click Disk Utility. 


b. Re-create the original disk configuration. For instructions, refer to 


https://support.apple.com/guide/disk-utility/welcome. 
c. Click Disk Utility > Quit Disk Utility. 


Note 

Starting with macOS 11 Big Sur, the System volume cannot be backed up and recovered. To 
recover a bootable macOS system, you need to recover the Data volume, and then to install 
macOS on it. 


Click Manage this machine locally or click Rescue Bootable Media twice, depending on the 
media type you are using. 

If a proxy server is enabled in your network, click Tools > Proxy server, and then specify the 
proxy server host name/IP address and port. Otherwise, skip this step. 

On the welcome screen, click Recover. 


Click Select data, and then click Browse. 


Specify the backup location: 

e To recover from cloud storage, select Cloud storage. Enter the credentials of the account to 
which the backed up machine is assigned. 

e Torecover from a local or a network folder, browse to the folder under Local folders or 
Network folders. 


Click OK to confirm your selection. 


Select the backup from which you want to recover the data. If prompted, type the password for 
the backup. 

In Backup contents, select the disks that you want to recover. Click OK to confirm your 
selection. 

Under Where to recover, the software automatically maps the selected disks to the target disks. 
If the mapping is not successful or if you are unsatisfied with the mapping result, you can re-map 
disks manually. 


Note 
Changing disk layout may affect the operating system bootability. Please use the original 
machine's disk layout unless you feel fully confident of success. 


11. [For macOS only] To recover an APFS-formatted Data volume as a bootable macOS system, in the 
macOS Installation section, keep the check box Install macOS on the recovered macOS 
Data volume selected. 

After the recovery, the system reboots and the macOS installation starts automatically. You need 
an Internet connection for the installer to download the necessary files. 

If you do not need to recover the APFS-formatted Data volume as a bootable system, clear the 
Install macOS on the recovered macOS Data volume check box. You can still make this 
volume bootable later, by installing macOS on it manually. 

12. [For Linux only] If the backed-up machine had logical volumes (LVM) and you want to reproduce 
the original LVM structure: 

a. Ensure that the number of the target machine disks and each disk capacity are equal to or 
exceed those of the original machine, and then click Apply RAID/LVM. 
b. Review the volume structure, and then click Apply RAID/LVM to create it. 
13. [Optional] Click Recovery options to specify additional settings. 
14. Click OK to start the recovery. 


6.3.5 Using Universal Restore 


The most recent operating systems remain bootable when recovered to dissimilar hardware, 
including the VMware or Hyper-V platforms. If a recovered operating system does not boot, use the 
Universal Restore tool to update the drivers and modules that are critical for the operating system 


startup. 
Universal Restore is applicable to Windows and Linux. 
To apply Universal Restore 


1. Boot the machine from the bootable media. 

2. Click Apply Universal Restore. 

3. If there are multiple operating systems on the machine, choose the one to apply Universal Restore 
to. 

4. [For Windows only] Configure the additional settings. 
Click OK. 


Universal Restore in Windows 
Preparation 


Prepare drivers 


Before applying Universal Restore to a Windows operating system, make sure that you have the 
drivers for the new HDD controller and the chipset. These drivers are critical to start the operating 
system. Use the CD or DVD supplied by the hardware vendor or download the drivers from the 
vendor's website. The driver files should have the *.inf extension. If you download the drivers in the 
* exe, *.cab or *.zip format, extract them using a third-party application. 


The best practice is to store drivers for all the hardware used in your organization in a single 
repository sorted by device type or by the hardware configurations. You can keep a copy of the 
repository on a DVD or a flash drive; pick some drivers and add them to the bootable media; create 
the custom bootable media with the necessary drivers (and the necessary network configuration) for 
each of your servers. Or, you can simply specify the path to the repository every time Universal 
Restore is used. 


Check access to the drivers in bootable environment 


Make sure you have access to the device with drivers when working under bootable media. Use 
WinPE-based media if the device is available in Windows but Linux-based media does not detect it. 


Universal Restore settings 


Automatic driver search 


Specify where the program will search for the Hardware Abstraction Layer (HAL), HDD controller 
driver and network adapter driver(s): 


e If the drivers are on a vendor's disc or other removable media, turn on the Search removable 
media. 

e Ifthe drivers are located in a networked folder or on the bootable media, specify the path to the 
folder by clicking Add folder. 


In addition, Universal Restore will search the Windows default driver storage folder. Its location is 
determined in the registry value DevicePath, which can be found in the registry key HKEY_LOCAL_ 
MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion. This storage folder is usually 
WINDOWS/inf. 


Universal Restore will perform the recursive search in all the sub-folders of the specified folder, find 
the most suitable HAL and HDD controller drivers of all those available, and install them into the 
system. Universal Restore also searches for the network adapter driver; the path to the found driver 
is then transmitted by Universal Restore to the operating system. If the hardware has multiple 
network interface cards, Universal Restore will try to configure all the cards' drivers. 


Mass storage drivers to install anyway 


You need this setting if: 


e The hardware has a specific mass storage controller such as RAID (especially NVIDIA RAID) or a 
fibre channel adapter. 

e You migrated a system to a virtual machine that uses a SCSI hard drive controller. Use SCSI drivers 
bundled with your virtualization software or download the latest drivers versions from the 
software manufacturer website. 


e Ifthe automatic drivers search does not help to boot the system. 


Specify the appropriate drivers by clicking Add driver. The drivers defined here will be installed, with 
appropriate warnings, even if the program finds a better driver. 


Universal Restore process 


After you have specified the required settings, click OK. 


If Universal Restore cannot find a compatible driver in the specified locations, it will display a prompt 
about the problem device. Do one of the following: 


e Add the driver to any of the previously specified locations and click Retry. 

e If you do not remember the location, click Ignore to continue the process. If the result is not 
satisfactory, reapply Universal Restore. When configuring the operation, specify the necessary 
driver. 


Once Windows boots, it will initialize the standard procedure for installing new hardware. The 
network adapter driver will be installed silently if the driver has the Microsoft Windows signature. 
Otherwise, Windows will ask for confirmation on whether to install the unsigned driver. 


After that, you will be able to configure the network connection and specify drivers for the video 
adapter, USB and other devices. 


Universal Restore in Linux 
Universal Restore can be applied to Linux operating systems with a kernel version of 2.6.8 or later. 


When Universal Restore is applied to a Linux operating system, it updates a temporary file system 
known as the initial RAM disk (initrd). This ensures that the operating system can boot on the new 
hardware. 


Universal Restore adds modules for the new hardware (including device drivers) to the initial RAM 
disk. As a rule, it finds the necessary modules in the /lib/modules directory. If Universal Restore 
cannot find a module it needs, it records the module's file name into the log. 


Universal Restore may modify the configuration of the GRUB boot loader. This may be required, for 
example, to ensure the system bootability when the new machine has a different volume layout than 
the original machine. 


Universal Restore never modifies the Linux kernel. 


Reverting to the original initial RAM disk 


You can revert to the original initial RAM disk if necessary. 


The initial RAM disk is stored on the machine in a file. Before updating the initial RAM disk for the first 
time, Universal Restore saves a copy of it to the same directory. The name of the copy is the name of 
the file, followed by the __acronis_backup.img suffix. This copy will not be overwritten if you run 
Universal Restore more than once (for example, after you have added missing drivers). 


To revert to the original initial RAM disk, do any of the following: 


e Rename the copy accordingly. For example, run a command similar to the following: 


mv initrd-2.6.16.60-0.21-default_acronis_backup.img initrd-2.6.16.60-0.21- 
default 


e Specify the copy in the initrd line of the GRUB boot loader configuration. 


6.4 Recovering files 


6.4.1 Recovering files by using the web interface 


1. Select the machine that originally contained the data that you want to recover. 
2. Click Recovery. 
3. Select the recovery point. Note that recovery points are filtered by location. 

If the selected machine is physical and it is offline, recovery points are not displayed. Do one of 

the following: 

e [Recommended] If the backup location is cloud or shared storage (i.e. other agents can access 
it), click Select machine, select a target machine that is online, and then select a recovery 
point. 

e Select a recovery point on the Backups tab. 

e Download the files from the cloud storage. 

e Use bootable media. 

4. Click Recover > Files/folders. 

Browse to the required folder or use search to obtain the list of the required files and folders. 

You can use one or more wildcard characters (* and ?). For more details about using wildcards, 

refer to "File filters" 


Note 
Search is not available for disk-level backups that are stored in the cloud storage. 


6. Select the files that you want to recover. 
If you want to save the files as a .zip file, click Download, select the location to save the data to, 
and click Save. Otherwise, skip this step. 


10. 
11. 


Downloading is not available if your selection contains folders or the total size of the selected files 
exceeds 100 MB. 


Click Recover. 

In Recover to, you see one of the following: 

e The machine that originally contained the files that you want to recover (if an agent is installed 
on this machine). 

e The machine where Agent for VMware or Agent for Hyper-V is installed (if the files originate 
from an ESXi or Hyper-V virtual machine). 

This is the target machine for the recovery. You can select another machine, if necessary. 

In Path, select the recovery destination. You can select one of the following: 

e The original location (when recovering to the original machine) 

e Alocal folder on the target machine 


Note 
Symbolic links are not supported. 


e Anetwork folder that is accessible from the target machine. 
Click Start recovery. 

Select one of the file overwriting options: 

e Overwrite existing files 

e Overwrite an existing file if it is older 


e« Do not overwrite existing files 


The recovery progress is shown on the Activities tab. 


6.4.2 Downloading files from the cloud storage 


You can browse the cloud storage, view the contents of the backups, and download files that you 
need. 


Limitations 


e Backups of system state, SQL databases, and Exchange databases cannot be browsed. 


e Fora better downloading experience, download no more than 100 MB at a time. To quickly 


retrieve larger amounts of data from the cloud, use the file recovery procedure. 


To download files from the cloud storage 


1 

2 
3. 
4 


Select a machine that was backed up. 
Click Recover > More ways to recover... > Download files. 
Enter the credentials of the account to which the backed up machine is assigned. 


[When browsing disk-level backups] Under Versions, click the backup from which you want to 
recover the files. 


ABR11MMS > ABR11MMS-New Backup Plan 
Versions 
| E] Backup #10 14/01/15 08:43 Size: 21.52 MB 
| =] Backup #1 14/01/15 07:32 Size: 3.05 GB 


[When browsing file-level backups] You can select the backup date and time in the next step, 
under the gear icon located to the right of the selected file. By default, files are recovered from the 
latest backup. 


5. Browse to the required folder or use search to obtain the list of the required files. 


Microsoft > Windows > Recent Q Seah 
NAME SIZE DATE 
a 
|| AutomaticDestinations 03/27/15 11:27 PM 
== 
[| CustomDestinations 03/12/15 03:39 AM 
LS asdas.Ink 523 byte 03/27/15 11:29 PM & 
Download 
LS desktop. ini 432 byte 07/12/11 02:27 PM 
View versions 
1-4 of 4 


6. Select the check boxes for the items you need to recover, and then click Download. 


If you select a single file, it will be downloaded as is. Otherwise, the selected data will be archived 
into a .zip file. 


7. Select the location to save the data to, and then click Save. 


6.4.3 Verifying file authenticity with Notary Service 


If notarization was enabled during backup, you can verify the authenticity of a backed-up file. 
To verify the file authenticity 


1. Select the file as described in steps 1-6 of the "Recovering files by using the web interface" section, 
or steps 1-5 of the "Downloading files from the cloud storage" section. 


2. Ensure that the selected file is marked with the following icon: Lo This means that the file is 
notarized. 
3. Do one of the following: 
e Click Verify. 
The software checks the file authenticity and displays the result. 
e Click Get certificate. 


190 © Acronis International GmbH, 2003-2021 


A certificate that confirms the file notarization is opened in a web browser window. The window 
also contains instructions that allow you to verify the file authenticity manually. 


6.4.4 Signing a file with ASign 


ASign is a service that allows multiple people to sign a backed-up file electronically. This feature is 
available only for file-level backups stored in the cloud storage. 


Only one file version can be signed at a time. If the file was backed up multiple times, you must 
choose the version to sign, and only this version will be signed. 


For example, ASign can be used for electronic signing of the following files: 


e Rental or lease agreements 
e Sales contracts 

e Asset purchase agreements 
e Loan agreements 

e Permission slips 

e Financial documents 

e Insurance documents 

e Liability waivers 

e Healthcare documents 

e Research papers 

e Certificates of product authenticity 
e Nondisclosure agreements 
e Offer letters 

e Confidentiality agreements 


e Independent contractor agreements 
To sign a file version 


1. Select the file as described in steps 1-6 of the "Recovering files by using the web interface" section. 

2. Ensure that the correct date and time is selected on the left panel. 

3. Click Sign this file version. 

4. Specify the password for the cloud storage account under which the backup is stored. The login of 
the account is displayed in the prompt window. 
The ASign service interface is opened in a web browser window. 

5. Add other signees by specifying their email addresses. It is not possible to add or remove signees 
after sending invitations, so ensure that the list includes everyone whose signature is required. 

6. Click Invite to sign to send invitations to the signees. 
Each signee receives an email message with the signature request. When all the requested signees 
sign the file, it is notarized and signed through the notary service. 


You will receive notifications when each signee signs the file and when the entire process is 
complete. You can access the ASign web page by clicking View details in any of the email 
messages that you receive. 

7. Once the process is complete, go to the ASign web page and click Get document to download a 
.pdf document that contains: 
e The Signature Certificate page with the collected signatures. 
e The Audit Trail page with history of activities: when the invitation was sent to the signees, when 

each signee signed the file, and so on. 


6.4.5 Recovering files by using bootable media 
For information about how to create bootable media, refer to "Creating bootable media". 
To recover files by using bootable media 


1. Boot the target machine by using the bootable media. 

2. Click Manage this machine locally or click Rescue Bootable Media twice, depending on the 
media type you are using. 

3. If a proxy server is enabled in your network, click Tools > Proxy server, and then specify the 
proxy server host name/IP address and port. Otherwise, skip this step. 

4. Onthe welcome screen, click Recover. 


Click Select data, and then click Browse. 


6. Specify the backup location: 
e To recover from cloud storage, select Cloud storage. Enter the credentials of the account to 
which the backed up machine is assigned. 
e Torecover from a local or a network folder, browse to the folder under Local folders or 
Network folders. 
Click OK to confirm your selection. 


7. Select the backup from which you want to recover the data. If prompted, type the password for 

the backup. 
In Backup contents, select Folders/files. 
Select the data that you want to recover. Click OK to confirm your selection. 

10. Under Where to recover, specify a folder. Optionally, you can prohibit overwriting of newer 
versions of files or exclude some files from recovery. 

11. [Optional] Click Recovery options to specify additional settings. 

12. Click OK to start the recovery. 


Note 

Tape Location takes a lot of space and might not fit in RAM when you rescan and recover under Linux 
bootable media and WinPE bootable media. For Linux, you have to mount another location to save 
the data on a disk or share. See Acronis Cyber Backup Advanced: Changing the TapeLocation Folder 
(KB 27445). For Windows PE, there is no workaround at the moment. 


6.4.6 Extracting files from local backups 


You can browse the contents of backups and extract files that you need. 


Requirements 


e This functionality is available only in Windows by using File Explorer. 
e A backup agent must be installed on the machine from which you browse a backup. 


e The backed-up file system must be one of the following: FAT16, FAT32, NTFS, ReFS, Ext2, Ext3, 
Ext4, XFS, or HFS+. 


e The backup must be stored in a local folder or on a network share (SMB/CIFS). 
To extract files from a backup 


1. Browse to the backup location by using File Explorer. 

2. Double-click the backup file. The file names are based on the following template: 
<machine name> - <backup plan GUID> 

3. Ifthe backup is encrypted, enter the encryption password. Otherwise, skip this step. 
File Explorer displays the recovery points. 

4. Double-click the recovery point. 
File Explorer displays the backed-up data. 

5. Browse to the required folder. 


6. Copy the required files to any folder on the file system. 


6.5 Recovering system state 


. Select the machine for which you want to recover the system state. 
Click Recovery. 


1 
2 
3. Select a system state recovery point. Note that recovery points are filtered by location. 
4. Click Recover system state. 

5 


. Confirm that you want to overwrite the system state with its backed-up version. 
The recovery progress is shown on the Activities tab. 


6.6 Recovering ESXi configuration 


To recover an ESXi configuration, you need Linux-based bootable media. For information about how 
to create bootable media, refer to "Creating bootable media". 


If you are recovering an ESXi configuration to a non-original host and the original ESXi host is still 
connected to the vCenter Server, disconnect and remove this host from the vCenter Server to avoid 
unexpected issues during the recovery. If you want to keep the original host along with the recovered 
one, you can add it again after the recovery is complete. 


The virtual machines running on the host are not included in an ESXi configuration backup. They can 


be backed up and recovered separately. 


To recover an ESXi configuration 


u oe WwW Yo a 


Boot the target machine by using the bootable media. 

Click Manage this machine locally. 

On the welcome screen, click Recover. 

Click Select data, and then click Browse. 

Specify the backup location: 

e Browse to the folder under Local folders or Network folders. 
Click OK to confirm your selection. 


In Show, select ESXi configurations. 


7. Select the backup from which you want to recover the data. If prompted, type the password for 


10. 


11. 


12. 
13. 


the backup. 

Click OK. 

In Disks to be used for new datastores, do the following: 

e Under Recover ESXi to, select the disk where the host configuration will be recovered. If you 
are recovering the configuration to the original host, the original disk is selected by default. 

e [Optional] Under Use for new datastore, select the disks where new datastores will be 
created. Be careful because all data on the selected disks will be lost. If you want to preserve 
the virtual machines in the existing datastores, do not select any disks. 

If any disks for new datastores are selected, select the datastore creation method in How to 

create new datastores: Create one datastore per disk or Create one datastore on all 

selected HDDs. 

[Optional] In Network mapping, change the result of automatic mapping of the virtual switches 

present in the backup to the physical network adapters. 

[Optional] Click Recovery options to specify additional settings. 


Click OK to start the recovery. 


6.7 Recovery options 


To modify the recovery options, click Recovery options when configuring recovery. 


6.7.1 Availability of the recovery options 


The set of available recovery options depends on: 


e The environment the agent that performs recovery operates in (Windows, Linux, macOS, or 


bootable media). 


e The type of data being recovered (disks, files, virtual machines, application data). 


The following table summarizes the availability of the recovery options. 


Virtual SQL and 
machine | Exchang 
Window | Linux Window | Linux | macOS ESXi and 
S S Hyper-V 
Backup 
validation 


Date and 
time for 
files 


Error 
handling 


File 
exclusions 


Flashback 


Full path 
recovery 


Mount 
points 


Pre/post 
commands 


VM power 
manageme 
nt 


Windows 


event log 


Power on 
after 
recovery 


6.7.2 Backup validation 


This option defines whether to validate a backup to ensure that the backup is not corrupted, before 
data is recovered from it. 


The preset is: Disabled. 


Validation calculates a checksum for every data block saved in the backup. The only exception is 
validation of file-level backups that are located in the cloud storage. These backups are validated by 
checking consistency of the meta information saved in the backup. 


Validation is a time-consuming process, even for an incremental or differential backup, which are 
small in size. This is because the operation validates not only the data physically contained in the 
backup, but all of the data recoverable by selecting the backup. This requires access to previously 
created backups. 


Note 
Validation is available for cloud storage located in an Acronis data center and provided by Acronis 
partners. 


6.7.3 Boot mode 


This option is effective when recovering a physical or a virtual machine from a disk-level backup that 
contains a Windows operating system. 


This option enables you to select the boot mode (BIOS or UEFI) that Windows will use after the 
recovery. If the boot mode of the original machine is different from the selected boot mode, the 
software will: 


e Initialize the disk to which you are recovering the system volume, according to the selected boot 
mode (MBR for BIOS, GPT for UEFI). 


e Adjust the Windows operating system so that it can start using the selected boot mode. 
The preset is: As on the target machine. 
You can choose one of the following: 


e As on the target machine 
The agent that is running on the target machine detects the boot mode currently used by Windows 
and makes the adjustments according to the detected boot mode. 
This is the safest value that automatically results in bootable system unless the limitations listed 
below apply. Since the Boot mode option is absent under bootable media, the agent on media 
always behaves as if this value is chosen. 


e As on the backed-up machine 


The agent that is running on the target machine reads the boot mode from the backup and makes 
the adjustments according to this boot mode. This helps you recover a system on a different 


machine, even if this machine uses another boot mode, and then replace the disk in the backed-up 
machine. 
e BIOS 
The agent that is running on the target machine makes the adjustments to use BIOS. 
e UEFI 
The agent that is running on the target machine makes the adjustments to use UEFI. 


Once a setting is changed, the disk mapping procedure will be repeated. This will take some time. 


Recommendations 
If you need to transfer Windows between UEFI and BIOS: 


e Recover the entire disk where the system volume is located. If you recover only the system volume 
on top of an existing volume, the agent will not be able to initialize the target disk properly. 


e Remember that BIOS does not allow using more than 2 TB of disk space. 


Limitations 


e Transferring between UEFI and BIOS is supported for: 
o 64-bit Windows operating systems starting with Windows Vista SP1 
o 64-bit Windows Server operating systems starting with Windows Server 2008 SP1 


e Transferring between UEFI and BIOS is not supported if the backup is stored on a tape device. 


When transferring a system between UEFI and BIOS is not supported, the agent behaves as if the As 
on the backed-up machine setting is chosen. If the target machine supports both UEFI and BIOS, 
you need to manually enable the boot mode corresponding to the original machine. Otherwise, the 
system will not boot. 


6.7.4 Date and time for files 


This option is effective only when recovering files. 


This option defines whether to recover the files' date and time from the backup or assign the files the 
current date and time. 


If this option is enabled, the files will be assigned the current date and time. 


The preset is: Enabled. 


6.7.5 Error handling 


These options enable you to specify how to handle errors that might occur during recovery. 


Re-attempt, if an error occurs 


The preset is: Enabled. Number of attempts: 30. Interval between attempts: 30 seconds. 


When a recoverable error occurs, the program re-attempts to perform the unsuccessful operation. 
You can set the time interval and the number of attempts. The attempts will be stopped as soon as 
the operation succeeds OR the specified number of attempts are performed, depending on which 
comes first. 


Do not show messages and dialogs while processing (silent mode) 


The preset is: Disabled. 


With the silent mode enabled, the program will automatically handle situations requiring user 
interaction where possible. If an operation cannot continue without user interaction, it will fail. 
Details of the operation, including errors, if any, can be found in the operation log. 


Save system information if a recovery with reboot fails 


This option is effective for a disk or volume recovery to a physical machine running Windows or 
Linux. 


The preset is: Disabled. 


When this option is enabled, you can specify a folder on the local disk (including flash or HDD drives 
attached to the target machine) or on a network share where the log, system information, and crash 
dump files will be saved. This file will help the technical support personnel to identify the problem. 


6.7.6 File exclusions 
This option is effective only when recovering files. 
The option defines which files and folders to skip during the recovery process and thus exclude from 


the list of recovered items. 


Note 
Exclusions override the selection of data items to recover. For example, if you select to recover file 
MyFile.tmp and to exclude all .tmp files, file MyFile.tmp will not be recovered. 


6.7.7 File-level security 


This option is effective when recovering files from disk- and file-level backups of NTFS-formatted 
volumes. 


This option defines whether to recover NTFS permissions for files along with the files. 
The preset is: Enabled. 


You can choose whether to recover the permissions or let the files inherit their NTFS permissions 
from the folder to which they are recovered. 


6.7.8 Flashback 


This option is effective when recovering disks and volumes on physical and virtual machines, except 
for Mac. 


If the option is enabled, only the differences between the data in the backup and the target disk data 
are recovered. This accelerates data recovery to the same disk as was backed up, especially if the 
volume layout of the disk has not changed. The data is compared at the block level. 


For physical machines, comparing the data at the block level is a time-consuming operation. If the 
connection to the backup storage is fast, it will take less time to recover the entire disk than to 
calculate the data differences. Therefore, we recommend that you enable this option only if the 
connection to the backup storage is slow (for example, if the backup is stored in the cloud storage or 
on aremote network folder). 


When recovering a physical machine, the preset depends on the backup location: 


e If the backup location is the cloud storage, the preset is: Enabled. 


e For other backup locations, the preset is: Disabled. 


When recovering a virtual machine, the preset is: Enabled. 


6.7.9 Full path recovery 
This option is effective only when recovering data from a file-level backup. 
If this option is enabled, the full path to the file will be re-created in the target location. 


The preset is: Disabled. 


6.7.10 Mount points 
This option is effective only in Windows for recovering data from a file-level backup. 


Enable this option to recover files and folders that were stored on the mounted volumes and were 
backed up with the enabled Mount points option. 


The preset is: Disabled. 


This option is effective only when you select for recovery a folder that is higher in the folder hierarchy 
than the mount point. If you select for recovery folders within the mount point or the mount point 
itself, the selected items will be recovered regardless of the Mount points option value. 


Note 
Please be aware that if the volume is not mounted at the moment of recovery, the data will be 
recovered directly to the folder that has been the mount point at the time of backing up. 


6.7.11 Performance 


This option defines the priority of the recovery process in the operating system. 


The available settings are: Low, Normal, High. 
The preset is: Normal. 


The priority of a process running in a system determines the amount of CPU and system resources 
allocated to that process. Decreasing the recovery priority will free more resources for other 
applications. Increasing the recovery priority might speed up the recovery process by requesting the 
operating system to allocate more resources to the application that will perform the recovery. 
However, the resulting effect will depend on the overall CPU usage and other factors like disk I/O 
speed or network traffic. 


6.7.12 Pre/Post commands 


The option enables you to define the commands to be automatically executed before and after the 
data recovery. 


Example of how you can use the pre/post commands: 


e Launch the Checkdisk command in order to find and fix logical file system errors, physical errors 
or bad sectors to be started before the recovery starts or after the recovery ends. 


The program does not support interactive commands, i.e. commands that require user input (for 
example, "pause".) 


A post-recovery command will not be executed if the recovery proceeds with reboot. 


Pre-recovery command 
To specify a command/batch file to be executed before the recovery process starts 


1. Enable the Execute a command before the recovery switch. 

2. Inthe Command... field, type a command or browse to a batch file. The program does not 
support interactive commands, i.e. commands that require user input (for example, "pause".) 

3. Inthe Working directory field, specify a path to a directory where the command/batch file will 
be executed. 

4. Inthe Arguments field specify the command's execution arguments, if required. 
Depending on the result you want to obtain, select the appropriate options as described in the 


table below. 
6. Click Done. 
Check box Selection 
Fail the recovery if the Selected Cleared Selected Cleared 
command execution 
fails* 
Do not recover until Selected Selected Cleared Cleared 


the command 
execution is complete 


Result 


Preset Perform the N/A Perform the 
Perform the recovery after the recovery 
recovery only after | command is concurrently with 
the command is executed despite the command 
successfully execution failure or execution and 
executed. Fail the success. irrespective of the 
recovery if the command 
command execution result. 


execution failed. 


* A command is considered failed if its exit code is not equal to zero. 


Post-recovery command 


To specify a command/executable file to be executed after the recovery is completed 


ile 


Enable the Execute a command after the recovery switch. 


2. Inthe Command... field, type a command or browse to a batch file. 

3. Inthe Working directory field, specify a path to a directory where the command/batch file will 
be executed. 

4. Inthe Arguments field, specify the command execution arguments, if required. 
Select the Fail the recovery if the command execution fails check box if successful 
execution of the command is critical for you. The command is considered failed if its exit code is 
not equal to zero. If the command execution fails, the recovery status will be set to Error. 
When the check box is not selected, the command execution result does not affect the recovery 
failure or success. You can track the command execution result by exploring the Activities tab. 

6. Click Done. 

Note 


A post-recovery command will not be executed if the recovery proceeds with reboot. 


6.7.13 SID changing 


This option is effective when recovering Windows 8.1/Windows Server 2012 R2 or earlier. 


This option is not effective when recovery to a virtual machine is performed by Agent for VMware or 


Agent for Hyper-V. 


The preset is: Disabled. 


The software can generate a unique security identifier (Computer SID) for the recovered operating 
system. You only need this option to ensure operability of third-party software that depends on 


Computer SID. 


Microsoft does not officially support changing SID on a deployed or recovered system. So use this 


option at your own risk. 


6.7.14 VM power management 


These options are effective when recovery to a virtual machine is performed by Agent for VMware or 
Agent for Hyper-V. 


Power off target virtual machines when starting recovery 
The preset is: Enabled. 


Recovery to an existing virtual machine is not possible if the machine is online, and so the machine is 
powered off automatically as soon as the recovery starts. Users will be disconnected from the 
machine and any unsaved data will be lost. 


Clear the check box for this option if you prefer to power off virtual machines manually before the 
recovery. 


Power on the target virtual machine when recovery is complete 
The preset is: Disabled. 


After a machine is recovered from a backup to another machine, there is a chance the existing 
machine's replica will appear on the network. To be on the safe side, power on the recovered virtual 
machine manually, after you take the necessary precautions. 


6.7.15 Windows event log 
This option is effective only in Windows operating systems. 


This option defines whether the agents have to log events of the recovery operations in the 
Application Event Log of Windows (to see this log, run eventvwr.exe or select Control Panel > 
Administrative tools > Event Viewer). You can filter the events to be logged. 


The preset is: Disabled. 


7 Disaster recovery 


This feature is available only in cloud deployments of Acronis Cyber Backup. For a detailed 
description of this functionality, please refer to 


https://www.acronis.com/support/documentation/DisasterRecovery/index.html#43224.html. 
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8 Operations with backups 


8.1 The Backups tab 


The Backups tab shows backups of all machines ever registered on the management server. This 
includes offline machines and machines that are no longer registered. 


Backups that are stored in a shared location (such as an SMB or NFS share) are visible to all users that 
have the read permission for the location. 


In Windows, backup files inherit the access permissions from their parent folder. Therefore, it is 
recommended to restrict the read permissions for this folder. 


Inthe cloud storage, users have access only to their own backups. In a cloud deployment, an 
administrator can view backups on behalf of any account that belongs to the same group and its 
child groups. This account is indirectly chosen in Machine to browse from. The Backups tab shows 
backups of all machines ever registered under the same account as this machine is registered. 


Backup locations that are used in backup plans are automatically added to the Backups tab. To add 
a custom folder (for example, a detachable USB device) to the list of backup locations, click Browse 
and specify the folder path. 


To select a recovery point by using the Backups tab 


1. On the Backups tab, select the location where the backups are stored. 
The software displays all backups that your account is allowed to view in the selected location. The 
backups are combined in groups. The group names are based on the following template: 
<machine name> - <backup plan name> 

2. Select a group from which you want to recover the data. 

3. [Optional] Click Change next to Machine to browse from, and then select another machine. 
Some backups can only be browsed by specific agents. For example, you must select a machine 
running Agent for SQL to browse the backups of Microsoft SQL Server databases. 


Important 

Be aware that the Machine to browse from is a default destination for recovery from a physical 
machine backup. After you select a recovery point and click Recover, double check the Target 
machine setting to ensure that you want to recover to this specific machine. To change the 
recovery destination, specify another machine in Machine to browse from. 


4. Click Show backups. 


5. Select the recovery point. 


8.2 Mounting volumes from a backup 


Mounting volumes from a disk-level backup lets you access the volumes as though they were physical 
disks. 


Mounting volumes in the read/write mode enables you to modify the backup content; that is, save, 
move, create, delete files or folders, and run executables consisting of one file. In this mode, the 
software creates an incremental backup that contains the changes you make to the backup content. 
Please be aware that none of the subsequent backups will contain these changes. 


8.2.1 Requirements 


This functionality is available only in Windows by using File Explorer. 

Agent for Windows must be installed on the machine that performs the mount operation. 
The backed-up file system must be supported by the Windows version that the machine is 
running. 


The backup must be stored in a local folder, on a network share (SMB/CIFS), or in the Secure Zone. 


8.2.2 Usage scenarios 


Sharing data 

Mounted volumes can be easily shared over the network. 

"Band aid" database recovery solution 

Mount a volume that contains an SQL database from a recently failed machine. This will provide 
access to the database until the failed machine is recovered. This approach can also be used for 
granular recovery of Microsoft SharePoint data by using SharePoint Explorer. 

Offline virus clean 

If amachine is infected, mount its backup, clean it with an antivirus program (or find the latest 
backup that is not infected), and then recover the machine from this backup. 

Error check 

If arecovery with volume resize has failed, the reason may be an error in the backed-up file 
system. Mount the backup in the read/write mode. Then, check the mounted volume for errors by 
using the chkdsk /r command. Once the errors are fixed and a new incremental backup is created, 
recover the system from this backup. 


To mount a volume from a backup 


Browse to the backup location by using File Explorer. 

Double-click the backup file. By default, the file names are based on the following template: 
<machine name> - <backup plan GUID> 

If the backup is encrypted, enter the encryption password. Otherwise, skip this step. 

File Explorer displays the recovery points. 

Double-click the recovery point. 


File Explorer displays the backed-up volumes. 


Note 
Double-click a volume to browse its content. You can copy files and folders from the backup to 
any folder on the file system. 


5. Right-click a volume to mount, and then click one of the following: 
« Mount 
«e Mount in read-only mode 
6. If the backup is stored on a network share, provide access credentials. Otherwise, skip this step. 


The software mounts the selected volume. The first unused letter is assigned to the volume. 
To unmount a volume 


1. Browse to Computer (This PC in Windows 8.1 and later) by using File Explorer. 

2. Right-click the mounted volume. 

3. Click Unmount. 

4. If the volume was mounted in the read/write mode, and its content was modified, select whether 
to create an incremental backup containing the changes. Otherwise, skip this step. 


The software unmounts the selected volume. 


8.3 Exporting backups 


The export operation creates a self-sufficient copy of a backup in the location you specify. The 
original backup remains untouched. Export enables you to separate a specific backup from a chain of 
incremental and differential backups for fast recovery, writing onto removable or detachable media 
or other purposes. 


The result of an export operation is always a full backup. If you want to replicate the entire backup 
chain to a different location and preserve multiple recovery points, use a backup replication plan. 


The backup file name of the exported backup depends on the value of the backup format option: 


e Forthe Version 12 format with any backup scheme, the backup file name is the same as that of 
the original backup, except for the sequence number. If multiple backups from the same backup 
chain are exported to the same location, a four-digit sequence number is appended to the file 
names of all backups except for the first one. 

e Forthe Version 11 format with the Always incremental (single-file) backup scheme, the 
backup file name exactly matches the backup file name of the original backup. If multiple backups 
from the same backup chain are exported to the same location, every export operation overwrites 
the previously exported backup. 

e Forthe Version 11 format with other backup schemes, the backup file name is the same as that 
of the original backup, except for the timestamp. The timestamps of the exported backups 
correspond to the time when the export is performed. 


The exported backup inherits the encryption settings and password from the original backup. When 
exporting an encrypted backup, you must specify the password. 


To export a backup 


1. Select the backed-up machine. 


2. Click Recovery. 


o N D u B 


Select a recovery point. Note that recovery points are filtered by location. 
If the machine is offline, the recovery points are not displayed. Do any of the following: 


e If the backup location is cloud or shared storage (i.e. other agents can access it), click Select 
machine, select a target machine that is online, and then select a recovery point. 


e Select a recovery point on the Backups tab. 

Click the gear icon, and then click Export. 

Select the agent that will perform the export. 

If the backup is encrypted, provide the encryption password. Otherwise, skip this step. 
Specify the export destination. 

Click Start. 


8.4 Deleting backups 


Warning! 
When a backup is deleted, all of its data is permanently erased. Deleted data cannot be recovered. 


To delete backups of a machine that is online and present in the backup console 


1 

2. 
3. 
4 


5. 


On the All devices tab, select a machine whose backups you want to delete. 

Click Recovery. 

Select the location to delete the backups from. 

Do one of the following: 

e To delete a single backup, select the backup to delete, click the gear icon, and then click Delete. 
e To delete all backups in the selected location, click Delete all. 

Confirm your decision. 


To delete backups of any machine 


Ik 


4, 


On the Backups tab, select the location from which you want to delete the backups. 

The software displays all backups that your account is allowed to view in the selected location. The 
backups are combined in groups. The group names are based on the following template: 
<machine name> - <backup plan name> 

Select a group. 

Do one of the following: 


e To delete a single backup, click Show backups, select the backup to delete, click the gear icon, 
and then click Delete. 


e To delete the selected group, click Delete. 


Confirm your decision. 


To delete backups directly from the cloud storage 


1. 
2. 


Log in to the cloud storage, as described in "Downloading files from the cloud storage". 


Click the name of the machine whose backups you want to delete. 


The software displays one or more backup groups. 


3. Click the gear icon corresponding to the backup group that you want to delete. 


Click Remove. 


Confirm the operation. 
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Operations with backup plans 


For information about how to create a backup plan, refer to "Backup". 


To 


de 
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edit a backup plan 


If you want to edit the backup plan for all machines to which it is applied, select one of these 
machines. Otherwise, select the machines for which you want to edit the backup plan. 

Click Backup. 

Select the backup plan that you want to edit. 

Click the gear icon next to the backup plan name, and then click Edit. 

To modify the plan parameters, click the corresponding section of the backup plan panel. 
Click Save changes. 

To change the backup plan for all machines to which it is applied, click Apply the changes to 
this backup plan. Otherwise, click Create a new backup plan only for the selected 
devices. 


revoke a backup plan from machines 


. Select the machines that you want to revoke the backup plan from. 


Click Backup. 

If several backup plans are applied to the machines, select the backup plan that you want to 
revoke. 

Click the gear icon next to the backup plan name, and then click Revoke. 


delete a backup plan 


Select any machine to which the backup plan that you want to delete is applied. 

Click Backup. 

If several backup plans are applied to the machine, select the backup plan that you want to delete. 
Click the gear icon next to the backup plan name, and then click Delete. 

As aresult, the backup plan is revoked from all of the machines and completely removed from the 
web interface. 


10 The Plans tab 


You can manage backup plans and other plans by using the Plans tab. 
Each section of the Plans tab contains all plans of a specific type. The following sections are available: 


e Backup 

e Backup replication 
e Validation 

e Cleanup 

e Conversion to VM 
e VM replication 


- Bootable media. This section displays backup plans that were created for machines booted from 
bootable media and can only be applied to such machines. 


Plans for backup replication, validation, cleanup, and conversion to VM are available only with the 
Advanced license. Without the Advanced license, these actions can be performed only as a part of a 
backup plan. 


In each section, you can create, edit, disable, enable, delete, start the execution, and inspect the 
execution status of a plan. 


Cloning and stopping are available only for backup plans. Unlike stopping a backup from the 
Devices tab, the backup plan will be stopped on all devices where it is running. If the backup start is 
distributed in time for multiple devices, stopping the backup plan will also prevent it from starting on 
the devices where it is not running yet. 


You can also export a plan to a file and import a previously exported plan. 


10.1 Off-host data processing 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 


Most actions that are a part of a backup plan, such as replication, validation, and applying retention 
rules, are performed by the agent that performs the backup. This puts additional workload on the 
machine where the agent is running, even after the backup process is complete. 


Separating the replication, validation, cleanup, and conversion plans from backup plans gives you the 
flexibility: 


e To choose another agent(s) for performing these operations 

e To schedule these operations for off-peak hours to minimize network bandwidth consumption 

e To shift these operations outside of business hours, if setting up a dedicated agent is not in your 
plans 


If you are using a storage node, installing a dedicated agent on the same machine makes sense. 


Unlike the backup and VM replication plans, which employ the time settings of machines running the 
agents, the off-host data processing plans run according to the time settings of the management 
server machine. 


10.1.1 Backup replication 


Supported locations 


The following table summarizes backup locations supported by backup replication plans. 


a s o a 
a, 
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To create a backup replication plan 


1. Click Plans > Backup replication. 
2. Click Create plan. 
The software displays a new plan template. 
[Optional] To modify the plan name, click the default name. 
4. Click Agent, and then select the agent that will perform the replication. 
You can select any agent that has access to the source and target backup locations. 
5. Click Items to replicate, and then select the backups that this plan will replicate. 
You can switch between selecting backups and selecting entire locations by using the Locations / 
Backups switch in the top-right corner. 


If the selected backups are encrypted, all of them must use the same encryption password. For 
backups that use different encryption passwords, create separate plans. 

Click Destination, and then specify the target location. 

[Optional] In How to replicate, select which backups to replicate. You can select one of the 
following: 

e All backups (default) 

e Only full backups 

e Only the last backup 


[Optional] Click Schedule, and then change the schedule. 
[Optional] Click Retention rules, and then specify the retention rules for the target location, as 
described in "Retention rules". 

10. If the backups selected in Items to replicate are encrypted, enable the Backup password 
switch, and then provide the encryption password. Otherwise, skip this step. 

11. [Optional] To modify the plan options, click the gear icon. 

12. Click Create. 


10.1.2 Validation 
Validation is an operation that checks the possibility of data recovery from a backup. 


Validation of a backup location validates all the backups stored in the location. 


How it works 


A validation plan offers two validation methods. If you select both methods, the operations will be 
performed consecutively. 


e Calculating a checksum for every data block saved in a backup 
For more information about validation by calculating a checksum, refer to "Backup validation". 

e Running a virtual machine from a backup 
This method works only for disk-level backups that contain an operating system. To use this 
method, you need an ESXi or Hyper-V host and a backup agent (Agent for VMware or Agent for 
Hyper-V) that manages this host. 
The agent runs a virtual machine from a backup, and then connects to VMware Tools or Hyper-V 
Heartbeat Service to ensure that the operating system has started successfully. If the connection 
fails, the agent attempts to connect every two minutes, a total of five times. If none of the 
attempts are successful, the validation fails. 
Regardless of the number of validation plans and validated backups, the agent that performs 
validation runs one virtual machine at a time. As soon as the validation result becomes clear, the 
agent deletes the virtual machine and runs the next one. 


If the validation fails, you can drill down to the details on the Activities section of the Overview tab. 


Supported locations 


The following table summarizes backup locations supported by validation plans. 


Backup location Calculating a checksum Running a VM 


To create a new validation plan 


1: 
2. 


Click Plans > Validation. 

Click Create plan. 

The software displays a new plan template. 

[Optional] To modify the plan name, click the default name. 

Click Agent, and then select the agent that will perform the validation. 

If you want to perform validation by running a virtual machine from a backup, select Agent for 
VMwere or Agent for Hyper-V. Otherwise, select any agent that is registered on the management 
server and has access to the backup location. 

Click Items to validate, and then select the backups that this plan will validate. 

You can switch between selecting backups and selecting entire locations by using the Locations / 
Backups switch in the top-right corner. 


If the selected backups are encrypted, all of them must use the same encryption password. For 
backups that use different encryption passwords, create separate plans. 
[Optional] In What to validate, select which backups to validate. You can select one of the 
following: 
e All backups 
e Only the last backup 
[Optional] Click How to validate, and then choose any of the following methods: 
e Checksum verification 
The software will calculate a checksum for every data block saved in a backup. 
e Run as a virtual machine 
The software will run a virtual machine from each backup. 
If you chose Run as a virtual machine: 


a. Click Target machine, and then select the virtual machine type (ESXi or Hyper-V), the host 
and the machine name template. 
The default name is [Machine Name] validate. 

b. Click Datastore for ESXi or Path for Hyper-V, and then select the datastore for the virtual 
machine. 

c. [Optional] Change the disk provisioning mode. 
The default setting is Thin for VMware ESXi and Dynamically expanding for Hyper-V. 


d. Donot disable the VM heartbeat switch if you need a correct validation result. This switch is 


designed for future releases. 


e. [Optional] Click VM settings to change the memory size and network connections of the 
virtual machine. 
By default, the virtual machine is not connected to a network and the virtual machine memory 
size equals that of the original machine. 
[Optional] Click Schedule, and then change the schedule. 
10. If the backups selected in Items to validate are encrypted, enable the Backup password 
switch, and then provide the encryption password. Otherwise, skip this step. 
11. [Optional] To modify the plan options, click the gear icon. 
12. Click Create. 


10.1.3 Cleanup 


Cleanup is an operation that deletes outdated backups according to the retention rules. 


Supported locations 


Cleanup plans support all backup locations, except for NFS folders, SFTP servers, and Secure Zone. 
To create a new cleanup plan 


1. Click Plans > Cleanup. 

2. Click Create plan. 
The software displays a new plan template. 
[Optional] To modify the plan name, click the default name. 

4. Click Agent, and then select the agent that will perform the cleanup. 
You can select any agent that has access to the backup location. 

5. Click Items to clean up, and then select the backups which this plan will clean up. 
You can switch between selecting backups and selecting entire locations by using the Locations / 
Backups switch in the top-right corner. 
If the selected backups are encrypted, all of them must use the same encryption password. For 
backups that use different encryption passwords, create separate plans. 
[Optional] Click Schedule, and then change the schedule. 
[Optional] Click Retention rules, and then specify the retention rules, as described in "Retention 
rules". 

8. Ifthe backups selected in Items to clean up are encrypted, enable the Backup password 
switch, and then provide the encryption password. Otherwise, skip this step. 
[Optional] To modify the plan options, click the gear icon. 

10. Click Create. 


10.1.4 Conversion to a virtual machine 


You can create a separate plan for the conversion to a virtual machine and run this plan manually or 
on a schedule. 


For information about prerequisites and limitations, please refer to "What you need to know about 
conversion". 


To create a plan for conversion to a virtual machine 


1. Click Plans > Conversion to VM. 
2. Click Create plan. 
The software displays a new plan template. 
[Optional] To modify the plan name, click the default name. 
4. In Convert to, select the type of the target virtual machine. You can select one of the following: 
e VMware ESXi 
e Microsoft Hyper-V 
«e VMware Workstation 
e VHDX files 
5. Doone of the following: 
e For VMware ESXi and Hyper-V: click Host, select the target host, and then specify the new 
machine name template. 
e For other virtual machine types: in Path, specify where to save the virtual machine files and the 
file name template. 
The default name is [Machine Name] converted. 
Click Agent, and then select the agent that will perform the conversion. 
Click Items to convert, and then select the backups that this plan will convert to virtual 
machines. 
You can switch between selecting backups and selecting entire locations by using the Locations / 
Backups switch in the top-right corner. 


If the selected backups are encrypted, all of them must use the same encryption password. For 
backups that use different encryption passwords, create separate plans. 
8. [Only for VMware ESXi and Hyper-V] Click Datastore for ESXi or Path for Hyper-V, and then select 
the datastore (storage) for the virtual machine. 
9. [Optional] For VMware ESXi and Hyper-V, you can also do the following: 
e Change the disk provisioning mode. The default setting is Thin for VMware ESXi and 
Dynamically expanding for Hyper-V. 
e Click VM settings to change the memory size, the number of processors, and the network 
connections of the virtual machine. 
10. [Optional] Click Schedule, and then change the schedule. 
11. If the backups selected in Items to convert are encrypted, enable the Backup password switch, 
and then provide the encryption password. Otherwise, skip this step. 
12. [Optional] To modify the plan options, click the gear icon. 
13. Click Create. 


11 Bootable media 


Note 

In cloud deployments, some of the features described in this section might not be available or might 
be different. For example, backup is available only with a bootable media that is built with the on- 
premises Bootable Media Builder. 


11.1 Bootable media 


Bootable media is a physical media (CD, DVD, USB flash drive or other removable media supported 
by the machine's BIOS as a boot device) that allows you to run the Acronis Cyber Backup agent either 
in a Linux-based environment or a Windows Preinstallation Environment (WinPE), without the help of 
an operating system. 


Bootable media is most often used to: 


e Recover an operating system that cannot start 

e Access and back up the data that has survived in a corrupted system 

e Deploy an operating system on bare metal 

e Create basic or dynamic volumes on bare metal 

e Back up sector-by-sector a disk with an unsupported file system 

e Back up offline any data that cannot be backed up online - for example, because the data is locked 
by arunning application or because the access to it is restricted. 


A machine can also be booted by using the network boot from Acronis PXE Server, Windows 
Deployment Services (WDS) or Remote Installation Services (RIS). These servers with uploaded 
bootable components can be thought of as a kind of bootable media too. You can create bootable 
media or configure the PXE server or WDS/RIS by using the same wizard. 


11.2 Create a bootable media or download a ready- 
made one? 


By using the Bootable Media Builder, you can create your own bootable media (Linux-based or 
WinPE-based) for Windows, Linux or macOS computers. For a fully-featured bootable media, you 
need to specify your Acronis Cyber Backup license key. Without this key, your bootable media will be 
capable of performing only recovery operations. 


Note 
The bootable media does not support hybrid drives. 


Also, you can download a ready-made bootable media (Linux-based only). You can use the 
downloaded bootable media only for recovery operations and access to Acronis Universal Restore. 


You cannot back up data, validate or export backups, manage disks, or use scripts with it. 
Downloaded bootable media is not suitable for macOS computers. 


To download a ready-made bootable media 


1. Inthe backup console, click the account icon in the top-right corner, and then click Downloads. 
2. Select Bootable media. 
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You can burn the downloaded ISO file to a CD/DVD or create a bootable USB flash drive by using one 
of the free tools that are available online. Use ISO to USB or RUFUS if you need to boot an UEFI 
machine, or Win32DiskImager for a BIOS machine. In Linux, using the dd utility makes sense. 


If the backup console is not accessible, you can download the ready-made bootable media from your 
account in Acronis Customer Portal: 


1. Go to https://account.acronis.com. 
Locate Acronis Cyber Backup, and then click Downloads. 


On the page that opens, locate Additional downloads, and then click Bootable Media ISO (for 
Windows and Linux). 
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11.3 Linux-based or WinPE-based bootable media? 


11.3.1 Linux-based 


Linux-based bootable media contains an Acronis Cyber Backup bootable agent based on Linux 
kernel. The agent can boot and perform operations on any PC-compatible hardware, including bare 
metal and machines with corrupted or non-supported file systems. The operations can be configured 
and controlled either locally or remotely, in the backup console. 


A list of the supported by Linux-based media hardware is available at: 
http://kb.acronis.com/content/55310. 


11.3.2 WinPE-based 


WinPE-based bootable media contains a minimal Windows system called Windows Preinstallation 
Environment (WinPE) and Acronis Plugin for WinPE, that is, a modification of Acronis Cyber Backup 
agent that can run in the preinstallation environment. 


WinPE proved to be the most convenient bootable solution in large environments with 
heterogeneous hardware. 


Advantages: 


e Using Acronis Cyber Backup in Windows Preinstallation Environment provides more functionality 
than using Linux-based bootable media. Having booted PC-compatible hardware into WinPE, you 
can use not only Acronis Cyber Backup agent, but also PE commands and scripts, and other plugins 
that you have added to the PE. 

e PE-based bootable media helps overcome some Linux-related bootable media issues such as 
support for certain RAID controllers or certain levels of RAID arrays only. Media based on WinPE 
2.x and later allow dynamic loading of the necessary device drivers. 


Limitations: 


e Bootable media based on WinPE versions earlier than 4.0 cannot boot on machines that use 
Unified Extensible Firmware Interface (UEFI). 

e When a machine is booted with a PE-based bootable media, you cannot select optical media such 
as CD, DVD, or Blu-ray Discs (BD) as a backup destination. 


11.4 Bootable Media Builder 


Bootable Media Builder is a dedicated tool for creating bootable media. It is available for on-premises 
deployments only. 


Bootable Media Builder is installed by default when you install the management server. You can 
install the media builder separately on any machine running Windows or Linux. The supported 
operating systems are the same as for the corresponding agents. 


11.4.1 Why use the media builder? 


The ready-made bootable media that is available for download in the backup console can be used 
only for recovery. This media is based on a Linux kernel. Unlike Windows PE, it does not allow 
injecting custom drivers on the fly. 


e The media builder enables you to create a customized, full-featured Linux-based and WinPE-based 
bootable media with the backup functionality. 


e Apart from creating physical bootable media, you can upload its components to Windows 
Deployment Services (WDS) and use a network boot. 


11.4.2 32- or 64-bit? 


Bootable Media Builder creates media with both 32-bit and 64-bit components. In most cases, you 
will need a 64-bit media to boot a machine that uses Unified Extensible Firmware Interface (U EFI). 


Bootable Media Builder x 


| Select the components to place on the bootable media 


ə Acronis Cyber Backup » Tools 


ə Acronis Cyber Backup (64-bit with UEFI support) 


Version: 12.5.16130 
® Acronis Cyber Backup (32-bit) Language: English 


* Tools 


ə Acronis Universal Restore (32-bit) 


ə Acronis Universal Restore (64-bit with UEFI support) 


Use the following script 


Autostart script name 


Backup to and recovery from the cloud storag 


Backup to and recovery from the bootable media 
Backup to and recovery from a network share 


Recovery from the cloud storage 


Space required: 624.7 MB 


11.4.3 Linux-based bootable media 
To create a Linux-based bootable media 


1. Start the Bootable Media Builder. 


2. To create a full-featured bootable media, specify an Acronis Cyber Backup license key. This key is 
used to determine which features will be included in the bootable media. No licenses will be 
revoked from any machines. 
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If you don't specify a license key, the resulting bootable media can only be used for recovery 
operations and access to Acronis Universal Restore. 
Bootable Media Builder 


| The functionality of the created media depends on the license keys that you provide 


© Create the media without specifying a license key (Only recovery will be available.) 
@ | will specify the key(s) manually 


Import keys from file... 


5V 


The license keys will not get assigned or reassigned. The license keys help determine which functionality to enable for the created media. 


< Back Cancel 


3. Select Bootable media type: Default (Linux-based media). 


Select how volumes and network resources will be represented: 


e A media with Linux-like volume representation displays the volumes as, for example, hda1 and 
sdb2. It tries to reconstruct MD devices and logical (LVM) volumes before starting a recovery. 


e A media with Windows-like volume representation displays the volumes as, for example, C: and 
D:. It provides access to dynamic (LDM) volumes. 


220 


© Acronis International GmbH, 2003-2021 


Bootable Media Builder = x 


| Select the bootable media type to create 


Bootable media type] Default (Linux-based media) X 


Select the way disks, volumes and network shares will be represented. 


Examples: hda1, sdb2, md1, smb://server/share, nfs://my_box/my_exported_dir. 
@) Windows-like representation 


Examples: C:, D:, \\server\share. 


[Optional] Specify the parameters of the Linux kernel. Separate multiple parameters with spaces. 


For example, to be able to select a display mode for the bootable agent each time the media 
starts, type: vga=ask 

For more information about the available parameters, refer to Kernel parameters. 

[Optional] Select a language that will be used in the bootable media. 

Select the components to be placed on the media: the Acronis Cyber Backup bootable agent, 
and/or Universal Restore if you plan to restore the system on dissimilar hardware. 

The bootable agent allows you to perform backup, recovery, and disk management operations on 
any PC-compatible hardware, including bare metal. 

Universal Restore allows you to boot an operating system recovered to dissimilar hardware or to a 
virtual machine. The tool finds and installs drivers for devices that are critical for starting the 
operating system, such as storage controllers, motherboard, or chipset. 

[Optional] Specify the timeout interval for the boot menu, along with the component that will 
automatically start on timeout. To do so, click the desired component on the upper left pane, and 
then set the interval for it. This enables unattended onsite operation when booting from 
WDS/RIS. 

If this setting is not configured, the loader will wait for you to select whether to boot the operating 
system (if present) or the component. 


Bootable Media Builder = x 


| Select the components to place on the bootable media 


a MIÐ Acronis Cyber Backup oF) Acronis Cyber Backup (64-bit with UEFI support) 
IFD Acronis Cyber Backup (64-bit with UEFI support) Version: 12.5.16130 
¥)® Acronis Cyber Backup (32-bit) a 


Using a media with the bootable agent, you can perform backup, recovery, 
and disk management operations on any PC-compatible hardware, including 
bare metal. 


aiv 9 Tools 


{is 


ə Acronis Universal Restore (32-bit) 


4 


ə Acronis Universal Restore (64-bit with UEFI support) 


[O Use the following script 

Autostart script name 

Backup to and recovery from the cloud storage 
Backup to and recovery from the bootable media 


Backup to and recovery from a network share 


Recovery from the cloud storage 


Space required: 624.7 MB 


8. [Optional] If you want to automate the bootable agent operations, select the Use the following 
script check box. Then, select one of the scripts and specify the script parameters. 

9. [Optional] Select how to register the media on the management server on booting up. For more 
information about the registration settings, see Management server. 


Bootable Media Builder - x 
| Review the options and change the settings if necessary 
: a 
4B Common settings 
~ 
n R Management server 
3! Management server 
An ee You can manage bootable media via the backup console as if it was a registered machine. Here, you can 
— ma preconfigure the registration of bootable media. 
r] Proxy server 
Register media on the management server 
Server name or IP Port 
For example, http://server1 9877 
Display name 
©) Ask for user name and password at booting up 
Register under the following account 
User name 
Password 
Do not ask for user name and password 
It will not be possible to identify who used the media in the backup console. v 
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10. 


11. 


12; 
13. 


14. 


15. 


16. 


[Optional] Specify network settings: TCP/IP settings to be assigned to the machine network 

adapters. 

[Optional] Specify a network port: The TCP port on which the bootable agent listens for an 

incoming connection. 

[Optional] If a proxy server is enabled in your network, specify its host name/IP address and port. 

Select the type of media. You can: 

e Create an ISO image. Then you can burn it to a CD/DVD; use it to create a bootable USB flash 
drive; or connect it to a virtual machine. 

e Create a ZIP file. 

e Upload the selected components to Acronis PXE Server. 

e Upload the selected components to a WDS/RIS. 

[Optional] Add Windows system drivers to be used by Universal Restore. This window appears if 

Universal Restore is added to media and media other than WDS/RIS is selected. 

If prompted, specify the host name/IP address and credentials for WDS/RIS, or a path to the 

media ISO file. 

Check your settings in the summary screen, and then click Proceed. 


Kernel parameters 


This window lets you specify one or more parameters of the Linux kernel. They will be automatically 


applied when the bootable media starts. 


These parameters are typically used when experiencing problems while working with the bootable 


media. Normally, you can leave this field empty. 


You can also specify any of these parameters by pressing F11 while in the boot menu. 


Parameters 


When specifying multiple parameters, separate them with spaces. 


acpi=off 


Disables Advanced Configuration and Power Interface (ACPI). You may want to use this 


parameter when experiencing problems with a particular hardware configuration. 


noapic 


Disables Advanced Programmable Interrupt Controller (APIC). You may want to use this 


parameter when experiencing problems with a particular hardware configuration. 


vga=ask 


Prompts for the video mode to be used by the bootable media's graphical user interface. 


Without the vga parameter, the video mode is detected automatically. 


vga=mode_number 


Specifies the video mode to be used by the bootable media's graphical user interface. The 
mode number is given by mode_number in the hexadecimal format—for example: vga=0x318 


Screen resolution and the number of colors corresponding to a mode number may be 
different on different machines. We recommend using the vga=ask parameter first to choose a 
value for mode_number. 


quiet 


Disables displaying of startup messages when the Linux kernel is loading, and starts the 
management console after the kernel is loaded. 


This parameter is implicitly specified when creating the bootable media, but you can remove 
this parameter while in the boot menu. 


Without this parameter, all startup messages will be displayed, followed by a command 
prompt. To start the management console from the command prompt, run the command: 
/bin/product 


nousb 
Disables loading of the USB (Universal Serial Bus) subsystem. 
nousb2 


Disables USB 2.0 support. USB 1.1 devices still work with this parameter. This parameter 
allows you to use some USB drives in the USB 1.1 mode if they do not work in the USB 2.0 mode. 


nodma 


Disables direct memory access (DMA) for all IDE hard disk drives. Prevents the kernel from 
freezing on some hardware. 


nofw 

Disables the FireWire (IEEE1 394) interface support. 
nopcmcia 

Disables detection of PCMCIA hardware. 
nomouse 

Disables mouse support. 
module_name=off 


Disables the module whose name is given by module_name. For example, to disable the use 
of the SATA module, specify: sata_sis=off 


pci=bios 


Forces the use of PCI BIOS instead of accessing the hardware device directly. You may want 
to use this parameter if the machine has a non-standard PCI host bridge. 


pci=nobios 


Disables the use of PCI BIOS; only direct hardware access methods will be allowed. You may 
want to use this parameter when the bootable media fails to start, which may be caused by the BIOS. 


pci=biosirq 


Uses PCI BIOS calls to get the interrupt routing table. You may want to use this parameter if 
the kernel is unable to allocate interrupt requests (IRQs) or discover secondary PCI buses on the 
motherboard. 


These calls might not work properly on some machines. But this may be the only way to get 
the interrupt routing table. 


LAYOUTS=en-US, de-DE, fr-FR, ... 


Specifies the keyboard layouts that can be used in the bootable media's graphical user 
interface. 


Without this parameter, only two layouts can be used: English (USA) and the layout that 
corresponds to the language selected in the media's boot menu. 


You can specify any of the following layouts: 
Belgian: be-BE 

Czech: cz-CZ 

English: en-GB 

English (USA): en-US 

French: fr-FR 

French (Swiss): fr-CH 
German: de-DE 

German (Swiss): de-CH 
Italian: it-IT 

Polish: pl-PL 

Portuguese: pt-PT 
Portuguese (Brazilian): pt-BR 
Russian: ru-RU 

Serbian (Cyrillic): sr-CR 
Serbian (Latin): sr-LT 
Spanish: es-ES 


When working under bootable media, use CTRL + SHIFT to cycle through the available 
layouts. 


Scripts in bootable media 


Note 
This functionality is available only with the Acronis Cyber Backup Advanced license. 


If you want the bootable media to perform a determined set of operations, you can specify a script 
while creating the media in Bootable Media Builder. Every time the media boots, it will run this script 
instead of displaying the user interface. 


You can select one of the predefined scripts or create a custom script by following the scripting 
conventions. 


Predefined scripts 

Bootable Media Builder provides the following predefined scripts: 

e Backup to and recovery from the cloud storage (entire_pc_cloud) 
e Backup to and recovery from the bootable media (entire_pc_local) 


e Backup to and recovery from a network share (entire_pc_share) 


e Recovery from the cloud storage (golden_image) 


The scripts can be found on the machine where Bootable Media Builder is installed, in the following 
directories: 


e In Windows: %ProgramData%\Acronis\MediaBuilder\scripts\ 


e In Linux: /var/lib/Acronis/MediaBuilder/scripts/ 


Backup to and recovery from the cloud storage 


This script will back up a machine to the cloud storage or recover the machine from its most recent 
backup created in the cloud storage by this script. On its start, the script will prompt the user to 
choose between backup, recovery, and starting the user interface. 


In Bootable Media Builder, specify the following script parameters: 


1. The user name and password for the cloud storage. 


2. [Optional] A password that the script will use to encrypt or access the backups. 


Backup to and recovery from the bootable media 


This script will back up a machine to the bootable media or recover the machine from its most recent 
backup created by this script on the same media. On its start, the script will prompt the user to 
choose between backup, recovery, and starting the user interface. 


In Bootable Media Builder, you can specify a password that the script will use to encrypt or access the 
backups. 


Backup to and recovery from a network share 


This script will back up a machine to a network share or recover the machine from its most recent 
backup located on a network share. On its start, the script will prompt the user to choose between 
backup, recovery, and starting the user interface. 


In Bootable Media Builder, specify the following script parameters: 


1. The network share path. 
2. The user name and password for the network share. 
3. [Optional] The backup file name. The default value is AutoBackup. If you want the script to 


append backups to an already existing backup, or to recover from a backup with a non-default 
name, change the default value to the file name of this backup. 


To find out the backup file name 

a. Inthe backup console, go to Backups > Locations. 

b. Select the network share (click Add location if the share is not listed). 
c. Select the backup. 

d. Click Details. The file name is displayed under Backup file name. 


4. [Optional] A password that the script will use to encrypt or access the backups. 


Recovery from the cloud storage 


This script will recover the machine from the most recent backup located in the cloud storage. On its 
start, the script will prompt the user to specify: 


1. The user name and password for the cloud storage. 
2. The password if the backup is encrypted. 


We recommend that you store backups of only one machine under this cloud storage account. 
Otherwise, if a backup of another machine is newer than the backup of the current machine, the 
script will choose that machine backup. 


Custom scripts 


Important 

Creating custom scripts requires the knowledge of the Bash command language and JavaScript 
Object Notation (JSON). If you are not familiar with Bash, a good place to learn it is 
http://www.tidp.org/LDP/abs/html. The JSON specification is available at http://www.json.org. 


Files of a script 


Your script must be located in the following directories on the machine where Bootable Media Builder 
is installed: 


e In Windows: %ProgramData%\Acronis\MediaBuilder\scripts\ 


e In Linux: /var/lib/Acronis/MediaBuilder/scripts/ 


The script must consist of at least three files: 


<script_file>.sh - a file with your Bash script. When creating the script, use only a limited set of 
shell commands, which you can find at https://busybox.net/downloads/BusyBox.html. Also, the 
following commands can be used: 


o acrocmd - the command-line utility for backup and recovery 
o product -the command that starts the bootable media user interface 


This file and any additional files that the script includes (for example, by using the dot command) 
must be located in the bin subfolder. In the script, specify the additional file paths as 
/ConfigurationFiles/bin/<some_file>. 


autostart - a file for starting <script_file>.sh. The file contents must be as follows: 
#!/bin/sh 
. /ConfigurationFiles/bin/variables.sh 


. /ConfigurationFiles/bin/<script_file>.sh 
. /ConfigurationFiles/bin/post_actions.sh 


autostart.json - aJSON file that contains the following: 
o The script name and description to be displayed in Bootable Media Builder. 
o The names of the script variables to be configured via Bootable Media Builder. 


o The parameters of controls that will be displayed in Bootable Media Builder for each variable. 


Structure of autostart.json 


11.4.4 Top-level object 


The script name to be displayed in Bootable Media Builder. 


The script description to be displayed in Bootable Media 
Builder. 


timeout number No A timeout (in seconds) for the boot menu before starting the 
script. If the pair is not specified, the timeout will be ten 
seconds. 


variables object No Any variables for <script_file>.sh that you want to configure 
via Bootable Media Builder. 
The value should be a set of the following pairs: the string 
identifier of a variable and the object of the variable (see the 
table below). 


11.4.5 Variable So 


Required Description 
Value type 


displayName The variable name used in <script_file>.sh. 


“_ 


The type of a control that is displayed in Bootable Media 
Builder. This control is used to configure the variable value. 


For all supported types, see the table below. 


The control label that is displayed above the control in 
Bootable Media Builder. 


string if type The default value for the control. If the pair is not specified, 


is string, the default value will be an empty string or a zero, based 
multiString, on the control type. 
pacer avon The default value for a check box can be @ (the cleared 
a state) or 1 (the selected state). 
number if 
type iS number, 
spinner, or 


checkbox 


The minimum value of the spin control in a spin box. If the 
pair is not specified, the value will be @. 


number 
(for spinner 
only) 
max number 
(for spinner 
only) 
step number 
(for spinner 
only) 


items array of 


The maximum value of the spin control in a spin box. If the 
pair is not specified, the value will be 100. 


The step value of the spin control in a spin box. If the pair is 
not specified, the value will be 1. 


The values for a drop-down list. 


t 
(for enum only) strings 


required number Specifies if the control value can be empty (0) or not (1). If 


the pair is not specified, the control value can be empty. 
(for string, 


number The control order in Bootable Media Builder. The higher 
( the value, the lower the control is placed relative to other 
non- 
controls defined in autostart.json. The initial value must 
negative) Dag 
eo. 


multiString, 


password, and 


enum) 


11.4.6 Control type 


Description 


string A single-line, unconstrained text box used to enter or edit short strings. 


A multi-line, unconstrained text box used to enter or edit long strings. 
A single-line, unconstrained text box used to enter passwords securely. 


A single-line, numeric-only text box used to enter or edit numbers. 


spinner A single-line, numeric-only text box used to enter or edit numbers, with a 
spin control. Also, called a spin box. 
A standard drop-down list, with a fixed set of predetermined values. 
A check box with two states - the cleared state or the selected state. 


The sample autostart.json below contains all possible types of controls that can be used to 


configure variables for <script_file>.sh. 


{ 
"displayName": "Autostart script name", 
"description": "This is an autostart script description.", 
"variables": { 
"var_string": { 
"displayName": "VAR_STRING", 
"type": "string", "order": 1, 
"description": "This is a 'string' control:", "default": "Hello, 
world!" 


}, 
"var_multistring": { 
"displayName": "VAR_MULTISTRING", 
"type": "multiString", "order": 2, 
"description": "This is a 'multiString' control:", 


"default": "Lorem ipsum dolor sit amet,\nconsectetur adipiscing 


elit." 


Py 
"var_number": { 
"displayName": "VAR_NUMBER", 


"type": "number", "order": 3, 


"description": "This is a 'number' control:", 


J; 
"var_spinner": { 
"displayName": "VAR_SPINNER", 


"type": "spinner", "order": 4, 


"description": "This is a 'spinner' control:", 


"min": 1, "max": 10, "step": 1, "default": 5 
J; 
"var_enum": { 

"displayName": "VAR_ENUM", 

"type": "enum", "order": 5, 


"description": "This is an 'enum' control:", 


"items": ["first", "second", "third"], "default": 


3}, 
"var_password": { 
"displayName": "VAR_PASSWORD", 


"type": "password", "order": 6, 


"description": "This is a 'password' control:", 


}, 
"var_checkbox": { 
"displayName": "VAR_CHECKBOX", 


"type": "checkbox", "order": 7, 


"description": "This is a 'checkbox' control", 


} 


This is how it looks in Bootable Media Builder. 


"default": 10 
"second" 
"default": 
"default": 1 


qwe 


Bootable Media Builder 
| Select the components to place on the bootable media 


i ; j 
a|n Acronis Cyber Backup 
ə Autostart script name 


vi E] Acronis Cyber Backup (64-bit with UEFI support) 


This is an autostart script description. 


9 Acronis Cyber Backup (32-bit) 


This is a ‘string’ control: 


Hello, world! 


This is a ‘multiString' control: 


Lorem ipsum dolor sit amet, 
consectetur adipiscing elit. 


This is a ‘number’ control: 


10 


v| Use the following script 


This is a ‘spinner’ control: 


57 


O Backup to and recovery from the cloud storage 


This is an ‘enum’ control: 
© Backup to and recovery from the bootable media 


second X 
© Backup to and recovery from a network share 
O Recovery from the cloud storage This is a ‘password’ control: 
eee 


v| This is a ‘checkbox’ control 


Actions on script completion: 
@ Do nothing 


O Reboot the machine 


O Shut down the machine 


Space required: 188.3 MB 


< Back Next > Cancel 


Management server 


While creating bootable media, you have an option to pre-configure the media registration on the 
management server. 


Registering the media enables you to manage the media via the backup console as if it was a 
registered machine. Besides the convenience of remote access, this grants an administrator the 
capability to trace all operations performed under bootable media. The operations are logged in 
Activities, so it is possible to see who and when started an operation. 


If the registration was not pre-configured, it is still possible to register the media after booting the 
machine from it. 


To pre-configure registration on the management server 
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1. Select the Register media on the management server check box. 

2. In Server name or IP, specify the host name or IP address of the machine where the 
management server is installed. You can use one of the following formats: 
e http://<server>. For example, http: //10.250.10.10 orhttp://server1 
e <IP address>. For example, 10.250.10.10 
e <host name>. For example, server! Or serverl.example.com 

3. In Port, specify the port that will be used to access the management server. The default value is 
9877. 


4. In Display name, specify the name that will be displayed for this machine in the backup console. 
If you leave this field empty, the display name will be set to one of the following: 
e If the machine was previously registered on the management server, it will have the same 
name. 


e Otherwise, either the fully qualified domain name (FQDN) or the IP address of the machine will 

be used. 
5. Select which account will be used to register the media on the management server. The following 

options are available: 

- Ask for user name and password at booting up 
The credentials will have to be provided every time a machine is booted from the media. 
For successful registration, the account must be in the list of the management server 
administrators (Settings > Administrators). In the backup console, the media will be available 
under the organization or under a specific unit, according to the permissions given to the 
specified account. 
In the bootable media interface, it will be possible to change the user name and password by 
clicking Tools > Register media on the management server. 

e Register under the following account 
The machine will be registered automatically every time it is booted from the media. 
The account you specify must be in the list of the management server administrators (Settings 
> Administrators). In the backup console, the media will be available under the organization 
or under a specific unit, according to the permissions given to the specified account. 
In the bootable media interface, it will not be possible to change the registration parameters. 

e Do not ask for user name and password 
The machine will be registered anonymously, unless anonymous registration on the 
management server is disabled. 
The Activities tab of the backup console will not show who used the media. 
In the backup console, the media will be available under the organization. 
In the bootable media interface, it will be possible to change the user name and password by 
clicking Tools > Register media on the management server. 


Network settings 


While creating bootable media, you have an option to pre-configure network connections that will be 
used by the bootable agent. The following parameters can be pre-configured: 


e IP address 

e Subnet mask 
e Gateway 

e DNS server 


e WINS server. 


Once the bootable agent starts on a machine, the configuration is applied to the machine's network 
interface card (NIC). If the settings have not been pre-configured, the agent uses DHCP auto 
configuration. You also have the ability to configure the network settings manually when the 
bootable agent is running on the machine. 


Pre-configuring multiple network connections 


You can pre-configure TCP/IP settings for up to ten network interface cards. To ensure that each NIC 
will be assigned the appropriate settings, create the media on the server for which the media is 
customized. When you select an existing NIC in the wizard window, its settings are selected for saving 
on the media. The MAC address of each existing NIC is also saved on the media. 


You can change the settings, except for the MAC address; or configure the settings for a non-existent 
NIC, if need be. 


Once the bootable agent starts on the server, it retrieves the list of available NICs. This list is sorted by 
the slots the NICs occupy: the closest to the processor on top. 


The bootable agent assigns each known NIC the appropriate settings, identifying the NICs by their 
MAC addresses. After the NICs with known MAC addresses are configured, the remaining NICs are 
assigned the settings that you have made for non-existent NICs, starting from the upper non- 
assigned NIC. 


You can customize bootable media for any machine, and not only for the machine where the media is 
created. To do so, configure the NICs according to their slot order on that machine: NIC1 occupies the 
slot closest to the processor, NIC2 is in the next slot and so on. When the bootable agent starts on 
that machine, it will find no NICs with known MAC addresses and will configure the NICs in the same 
order as you did. 


Example 


The bootable agent could use one of the network adapters for communication with the management 
console through the production network. Automatic configuration could be done for this connection. 
Sizeable data for recovery could be transferred through the second NIC, included in the dedicated 
backup network by means of static TCP/IP settings. 


Network port 


While creating bootable media, you have an option to pre-configure the network port that the 
bootable agent listens to for an incoming connection from the acrocmd utility. The choice is available 
among: 


e the default port 
e the currently used port 


e thenew port (enter the port number) 


If the port has not been pre-configured, the agent uses port 9876. 


Drivers for Universal Restore 


While creating bootable media, you have an option to add Windows drivers to the media. The drivers 
will be used by Universal Restore to boot up Windows that was migrated to dissimilar hardware. 


You will be able to configure Universal Restore: 


e to search the media for the drivers that best fit the target hardware 


e to get the mass-storage drivers that you explicitly specify from the media. This is necessary when 
the target hardware has a specific mass storage controller (such as a SCSI, RAID, or Fiber Channel 
adapter) for the hard disk. 


The drivers will be placed in the visible Drivers folder on the bootable media. The drivers are not 
loaded into the target machine RAM, therefore, the media must stay inserted or connected 
throughout the Universal Restore operation. 


Adding drivers to bootable media is available when you are creating a removable media or its ISO or 
detachable media, such as a flash drive. Drivers cannot be uploaded on WDS/RIS. 


The drivers can be added to the list only in groups, by adding the INF files or folders containing such 
files. Selecting individual drivers from the INF files is not possible, but the media builder shows the file 
content for your information. 


To add drivers: 


1. Click Add and browse to the INF file or a folder that contains INF files. 
2. Select the INF file or the folder. 
3. Click OK. 


The drivers can be removed from the list only in groups, by removing INF files. 
To remove drivers: 


1. Select the INF file. 


2. Click Remove. 


11.4.7 WinPE-based bootable media 


Bootable Media Builder provides two methods of integrating Acronis Cyber Backup with WinPE: 


e Creating the PE ISO with the plug-in from scratch. 


e Adding the Acronis Plug-in to a WIM file for any future purpose (manual ISO building, adding other 
tools to the image and so on). 


You can create WinRE-based PE images without any additional preparation, or create PE images after 
installing Windows Automated Installation Kit (AIK) or Windows Assessment and Deployment Kit 
(ADK). 


WinRE-based PE images 


Creating of WinRE-based images is supported for the following operation systems: 


e Windows 7 (64-bit) 
e Windows 8, 8.1, 10 (32-bit and 64-bit) 
e Windows Server 2012, 2016, 2019 (64-bit) 


PE images 


After installing Windows Automated Installation Kit (AIK) or Windows Assessment and Deployment 
Kit (ADK), Bootable Media Builder supports WinPE distributions that are based on any the following 
kernels: 


e Windows Vista (PE 2.0) 

e Windows Vista SP1 and Windows Server 2008 (PE 2.1) 

e Windows 7 (PE 3.0) with or without the supplement for Windows 7 SP1 (PE 3.1) 
e Windows 8 (PE 4.0) 

e Windows 8.1 (PE 5.0) 

e Windows 10 (PE for Windows 10) 


Bootable Media Builder supports both 32-bit and 64-bit WinPE distributions. The 32-bit WinPE 
distributions can also work on 64-bit hardware. However, you need a 64-bit distribution to boot a 
machine that uses Unified Extensible Firmware Interface (UEFI). 


Note 
PE images based on WinPE 4 and later require approximately 1 GB of RAM to work. 


Preparation: WinPE 2.x and 3.x 


To be able to create or modify PE 2.x or 3.x images, install Bootable Media Builder on a machine 
where Windows Automated Installation Kit (AIK) is installed. If you do not have a machine with AIK, 
prepare it as follows. 


To prepare a machine with AIK 


1. Download and install Windows Automated Installation Kit. 
Automated Installation Kit (AIK) for Windows Vista (PE 2.0): 
http://www. microsoft.com/Downloads/details.aspx?familyid=C7 D4B C6D-1 5F3-4284-91 23- 
679830D629F2&displaylang=en 
Automated Installation Kit (AIK) for Windows Vista SP1 and Windows Server 2008 (PE 2.1): 


http://www. microsoft.com/downloads/details. aspx? Family|ID=94bb6e34-d890-4932-81a5- 
5650c657de08&DisplayLang=en 


Automated Installation Kit (AIK) for Windows 7 (PE 3.0): 


http://www. microsoft.com/downloads/details. aspx?familyid=696DD665-9F76-41 77-A81 1- 
39C26D3B3B34&displaylang=en 


Automated Installation Kit (AIK) Supplement for Windows 7 SP1 (PE 3.1): 

http://www. microsoft.com/download/en/details.aspx?id=5 188 

You can find system requirements for installation by following the above links. 
2. [Optional] Burn the WAIK to DVD or copy to a flash drive. 


3. Install the Microsoft .NET Framework from this kit (NETFXx86 or NETFXx64, depending on your 
hardware). 


4. Install Microsoft Core XML (MSXML) 5.0 or 6.0 Parser from this kit. 
Install Windows AIK from this kit. 


Install Bootable Media Builder on the same machine. 


It is recommended that you familiarize yourself with the help documentation supplied with Windows 
AIK. To access the documentation, select Microsoft Windows AIK -> Documentation from the 
start menu. 


Preparation: WinPE 4.0 and later 


To be able to create or modify PE 4 or later images, install Bootable Media Builder on a machine 
where Windows Assessment and Deployment Kit (ADK) is installed. If you do not have a machine with 
ADK, prepare it as follows. 


To prepare a machine with ADK 


1. Download the setup program of Assessment and Deployment Kit. 


Assessment and Deployment Kit (ADK) for Windows 8 (PE 4.0): http://www.microsoft.com/en- 
us/download/details.aspx?id=30652. 


Assessment and Deployment Kit (ADK) for Windows 8.1 (PE 5.0): http://www. microsoft.com/en- 
US/download/details.aspx?id=39982. 


Assessment and Deployment Kit (ADK) for Windows 10 (PE for Windows 10): 
https://msdn.microsoft.com/en-us/windows/hardware/dn913721%28v=vs.8.5%29.aspx. 
You can find system requirements for installation by following the above links. 

2. Install Assessment and Deployment Kit on the machine. 

3. Install Bootable Media Builder on the same machine. 


Adding Acronis Plug-in to WinPE 
To add Acronis Plug-in to WinPE: 


1. Start the Bootable Media Builder. 


2. To create a full-featured bootable media, specify an Acronis Cyber Backup license key. This key is 
used to determine which features will be included in the bootable media. No licenses will be 
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revoked from any machines. 
If you don't specify a license key, the resulting bootable media can only be used for recovery 
operations and access to Acronis Universal Restore. 


Bootable Media Builder a x 


| The functionality of the created media depends on the license keys that you provide 


© Create the media without specifying a license key (Only recovery will be available.) 
@ Iwill specify the key(s) manually 
Import keys from file... 


5V EB 


| The license keys will not get assigned or reassigned. The license keys help determine which functionality to enable for the created media. 


< Back Cancel 


Select Bootable media type: Windows PE or Bootable media type: Windows PE (64-bit). A 
64-bit media is required to boot a machine that uses Unified Extensible Firmware Interface (UEFI). 


If you have selected Bootable media type: Windows PE, do the following first: 

e Click Download the Plug-in for WinPE (32-bit). 

e Save the plug-in to %PROGRAM_FILES%\Acronis\BootableComponents\WinPE32. 

If you plan to recover an operating system to dissimilar hardware or to a virtual machine and want 
to ensure the system bootability, select the Include the Universal Restore tool... check box. 
Select Create WinPE automatically. 


The software runs the appropriate script and proceeds to the next window. 


Bootable Media Builder — x 


| Select the bootable media type to create 


Bootable Media Builder will create bootable media using Windows PE. 


@ Create WinPE automatically 


© Use WinPE files located in the folder | specify 


5. Select a language that will be used in the bootable media. 

6. Select whether to enable or disable the remote connection to a machine booted from the media. 
If enabled, enter a user name and password to be specified in the command line if the acrocmd 
utility is running on a different machine. You can also leave these fields empty, then a remote 
connection via the command line interface will be possible without credentials. 

These credentials are also required when you register the media on the management server from 
the backup console. 
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10. 


TR 


12. 
13. 


Bootable Media Builder = x 


| Network settings 


Remote connection 


© Disable remote connection 


User name: 


Password: 


Network interface card: 
NIC1: Ethernet - 


Hardware address: 08:00:27:CO:AA87 
[M] Configure the settings automatically 
IP address: 

Subnet mask: 

Default gateway: 


DNS servers: 


DNS suffix: 


[Optional] Sele 
Specify network settings for the machine network adapters or choose DHCP auto configuration. 


[Optional] Select how to register the media on the management server on booting up. For more 

information about the registration settings, see Management server. 

[Optional] Specify the Windows drivers to be added to Windows PE. 

Once you boot a machine into Windows PE, the drivers can help you access the device where the 

backup is located. Add 32-bit drivers if you use a 32-bit WinPE distribution or 64-bit drivers if you 

use a 64-bit WinPE distribution. 

Also, you will be able to point to the added drivers when configuring Universal Restore for 

Windows. For Universal Restore, add 32-bit or 64-bit drivers depending on whether you are 

planning to recover a 32-bit or a 64-bit Windows operating system. 

To add the drivers: 

e Click Add and specify the path to the necessary .inf file for a corresponding SCSI, RAID, SATA 
controller, network adapter, tape drive or other device. 

e Repeat this procedure for each driver that you want to include in the resulting WinPE media. 

Choose whether you want to create ISO or WIM image or upload the media on a server (WDS or 

RIS). 

Specify the full path to the resulting image file including the file name, or specify the server and 

provide the user name and password to access it. 

Check your settings in the summary screen, and then click Proceed. 

Burn the .ISO to CD or DVD by using a third-party tool or prepare a bootable flash drive. 


Once a machine boots into WinPE, the agent starts automatically. 


To create a PE image (ISO file) from the resulting WIM file: 


e Replace the default boot.wim file in your Windows PE folder with the newly created WIM file. For 
the above example, type: 


copy c:\AcronisMedia.wim c:\winpe_x86\1ISO\sources\boot.wim 


e Use the Oscdimg tool. For the above example, type: 


oscdimg -n -bc:\winpe_x86\etfsboot.com c:\winpe_x86\ISO c:\winpe_x86\winpe_ 
x86.1S0 


Warning! 
Do not copy and paste this example. Type the command manually, otherwise it will fail. 


For more information on customizing Windows PE 2.x and 3.x, see the Windows Preinstallation 
Environment User's Guide (Winpe.chm). The information on customizing Windows PE 4.0 and later is 
available in the Microsoft TechNet Library. 


11.5 Connecting to a machine booted from media 


Once a machine boots from bootable media, the machine terminal displays a startup window with 
the IP address(es) obtained from DHCP or set according to the pre-configured values. 


11.5.1 Configuring network settings 


To change the network settings for a current session, click Configure network in the startup 
window. The Network Settings window that appears will allow you to configure network settings 
for each network interface card (NIC) of the machine. 


Changes made during a session will be lost after the machine reboots. 


Adding VLANs 


Inthe Network Settings window, you can add virtual local area networks (VLANs). Use this 
functionality if you need access to a backup location that is included in a specific VLAN. 


VLANs are mainly used to divide a local area network into segments. A NIC that is connected to an 
access port of the switch always has access to the VLAN specified in the port configuration. A NIC 
connected to a trunk port of the switch can access the VLANs allowed in the port configuration only if 
you specify the VLANs in the network settings. 


To enable access to a VLAN via a trunk port 


1. Click Add VLAN. 
2. Select the NIC that provides access to the local area network that includes the required VLAN. 
3. Specify the VLAN identifier. 


After you click OK, a new entry appears in the list of network adapters. 


If you need to remove a VLAN, click the required VLAN entry, and then click Remove VLAN. 


11.5.2 Local connection 


To operate directly on the machine booted from bootable media, click Manage this machine 
locally in the startup window. 


11.5.3 Remote connection 


To connect to the media remotely, register it on the management server, as described in "Registering 
media on the management server". 


11.6 Registering media on the management server 


Registering bootable media enables you to manage the media via the backup console as if it was a 
registered machine. This applies to all bootable media regardless of the boot method (physical media, 
Startup Recovery Manager, Acronis PXE Server, WDS, or RIS). However, it is not possible to register 
bootable media created in macOS. 


Registering the media is possible only if at least one Acronis Cyber Backup Advanced license is added 
to the management server. 


You can register the media from the media UI. 


The registration parameters can be pre-configured in the Management server option of Bootable 
Media Builder. If all the registration parameters are pre-configured, the media will appear in the 
backup console automatically. If some of the parameters are pre-configured, some steps in the 
following procedures may be not available. 


11.6.1 Registering the media from the media UI 
The media can be downloaded or created by using Bootable Media Builder. 
To register media from the media UI 


1. Boot the machine from the media. 
2. Do one of the following: 
e Inthe startup window, under Management server, click Edit. 
e Inthe bootable media interface, click Tools > Register media on the management server. 
3. In Register at, specify the host name or IP address of the machine where the management 
server is installed. You can use one of the following formats: 
e http://<server>. For example, http: //10.250.10.10 orhttp://server 
e <IP address>. For example, 10.250.10.10 
e <host name>. For example, server Or server.example.com 
4. In User name and Password, provide the credentials of an account that is in the list of the 
management server administrators (Settings > Administrators). In the backup console, the 


media will be available under the organization or under a specific unit, according to the 
permissions given to the specified account. 


5. In Display name, specify the name that will be displayed for this machine in the backup console. 
If you leave this field empty, the display name will be set to one of the following: 
e If the machine was previously registered on the management server, it will have the same 
name. 
e Otherwise, either the fully qualified domain name (FQDN) or the IP address of the machine will 
be used. 
6. Click OK. 


11.7 Operations with a bootable media 


Operations with the bootable media are similar to the backup and recovery operations that are 


performed under a running operating system. The differences are as follows: 


alk 


Under a bootable media with Windows-like volume representation, a volume has the same drive 
letter as in Windows. Volumes that don't have drive letters in Windows (such as the System 
Reserved volume) are assigned free letters in order of their sequence on the disk. 

If the bootable media cannot detect Windows on the machine or detects more than one, all 
volumes, including those without drive letters, are assigned letters in order of their sequence on 
the disk. Thus, the volume letters may differ from those seen in Windows. For example, the D: 
drive under the bootable media might correspond to the E: drive in Windows. 


Note 
It is advisable to assign unique names to the volumes. 


The bootable media with Linux-like volume representation shows local disks and volumes as 
unmounted (sda1, sdaz2...). 

Backups created using bootable media have simplified file names. Standard names are assigned 
to the backups only if these are added to an existing archive with standard file naming or if the 
destination does not support simplified file names. 

The bootable media with a Linux-like volume representation cannot write backups to an NTFS- 
formatted volume. Switch to a media with Windows-like volume representation if you need to do 
so. To toggle the bootable media volume representations, click Tools > Change volume 
representation. 

Tasks cannot be scheduled. If you need to repeat an operation, configure it from scratch. 

The log lifetime is limited to the current session. You can save the entire log or the filtered log 
entries to a file. 

Centralized vaults are not displayed in the folder tree of the Archive window. 

To access a managed vault, type the following string in the Path field: 
bsp://node_address/vault_name/ 

To access an unmanaged centralized vault, type the full path to the vault's folder. 


After entering access credentials, you will see a list of archives located in the vault. 


11.7.1 Setting up a display mode 


When you boot a machine via Linux-based bootable media, a display video mode is detected 
automatically based on the hardware configuration (monitor and graphics card specifications). If the 
video mode is detected incorrectly, do the following: 


1. Inthe boot menu, press F11. 

2. Onthe commandline, enter the following: vga=ask, and then proceed with booting. 

3. From the list of supported video modes, choose the appropriate one by typing its number (for 
example, 318), and then press Enter. 


If you don't want to follow this procedure every time you boot a given hardware configuration, re- 
create the bootable media with the appropriate mode number (in the example above, vga=0x318) 
typed in the Kernel parameters window. 


11.7.2 Backup 


You can back up data only with a bootable media that you have created with Bootable Media Builder, 
and by using your Acronis Cyber Backup license key. For more information about how to create a 
bootable media, refer to Linux-based bootable media or Windows-PE based bootable media, 
respectively. 


To backup up data under bootable media 


1. Boot from Acronis bootable rescue media. 


English US X 


Start the bootable rescue utility. 


2. To back up the local machine, click Manage this machine locally. For remote connections, refer 
to Registering media on the management server. 
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Acronis Bootable Agent 


® Manage this machine locally 
E: Sm] 


Configure network 
Proxy server 
Machine name: Wi-Fi settings 
User name: not specified 
Edit 
DHCP hostname: localhost 
IP address: 10.0.2.15 


You can turn on MouseKeys to control the mouse pointer using the numeric keypad. 
Press either CT RL+M or F10 and control the pointer using the numeric keypad keys. 


Turn off | Reboot 


3. Click Back up now. 


Actions v Tools v Navigation v Help v 


Welcome to 'WIN-2A1NUKBHD7U' 


The console is connected to a managed machine. Choose the action to perform or the tool to use. 


? Back up now 
E Speci k 


ackup location and start backing up the machine r 
a | Recover 
& ro the data from an ea 


Actions 


(4) Apply Universal Restore <? Validate 


Ga Browse vaults {3 Export backup 


Navigation 


E] Tape management D Disk management 
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4. Allnon-removable disks of the machine are automatically selected for backup. To change the data 
that will be backed up, click Items to backup, and then select the desired disks or volumes. 
When selecting data to back up, you may see the following message: "This machine cannot be 
selected directly. A previous agent version is installed on the machine. Use policy rules to select this 
machine for backup." This is a GUI issue that can be safely ignored. Proceed with selecting the 
individual disks or volumes that you want to back up. 


Note 
With the Linux-based bootable media you might see drive letters that are different from the ones 
in Windows. Try identifying the drive or partition that you need by its size or label. 


Navigation v Help v 


Back up now 


Specify a backup location and start backing up the machine now. 


What to back up 


Items to back up... Remove © Disks/volumes: Hide items @ 


Remove © Disks 


Ə Show exclusions 


Where to back up 


Location... | Required 


Ə Show archive comments 
How to back up 

Backup type: | Full ~ 
Validation: ] of - 
Parameters 


Backup options... | Default 


Cancel 


5. If you need to back up files or folders instead of disks, switch to Files in Data to back up. 
Only disk/partition and file/folder backup are available under bootable media. Other types of 
backups, such as database backup, are only available under the running operating system. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Specify a backup loc 
What to back up — 


$ Items to back u 


Volume Type Capacity Free spa... 


© Show exclus] an 
Disk 1 100.7... 


Where to back up 
Location... 
@& Show archiv 
How to back up 


Backup type: 


Validation: 


Parameters —_— 


Backup options 


Ok Cancel 


NL) | 


6. Click Location to select where the backup will be saved. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Back up now ~ 


Specify a backup location Enter a path to the vault and define a name for the new backup archive 


What to back up + & Create folder B Rename ER Delete Latest Backups 
n Local folder 


Items to back up... > @ Cloud storage 


D Refresh 


> BP Personal 
Archive name Owner Type 


4 Local folders 


© Show exclusiggs' There are no items to show in this view. 
oe ® 1® C: (©) 


Where to back up > BB $Recycle.Bin 


E © a 


© Show archive co 
How to back up > GS Documents and Settings 
Backup type: > E PerfLogs 


Validation: > B Program Files 


P , 
Parameters > E Program Files (x86) 


> ES ProaramNata s 
Backup options... < 2 


Path: C:\Backups\Latest Backups} 


Name: Archive(1) 


} Cancel 


Specify the location and name for your backup. 

Specify the backup type. If this is the first backup in this location, a full backup will be created. If 
you continue a chain of backups, you can select Incremental or Differential, to save space. For 
more information about the backup types, refer to https://kb.acronis.com/content/1536. 
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Back up now 


Specify a backup location and start backing up the machine now. 


What to back up 


Items to back up... Remove © Disks/volumes: 


Remove © Disk1 


© Show exclusions 


Where to back up 


Location... | Name: Archive(1) 


Path: C:\BackupsiLatest Backups\ (Local folder) 
@ Show archive comments 
How to back up 


Backup type: 


Validation: 


Incremental 
Parameters 


Differential 
Backup options... 


Hide items @ 


9. [Optional] If you want to validate the backup file, select Validate a backup as soon as it is 
created. 
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Navigation v Help v 


Back up now 


Specify a backup location and start backing up the machine now. 


What to back up 


Items to back up... Remove © Disks/volumes: Hide items @ 


Remove © Disk1 


© Show exclusions 
Where to back up 


Location... Name: Archive(1) 
Path: C:\Backups\Latest Backups\ (Local folder) 


Show archive comments 


x) 


How to back up — 


Backup type: 


Parameters —_— 


Validate a backup as soon as it is created 


Backup options... 


Cancel 


10. [Optional] Specify the backup options that you might need - such as password for the backup file, 
backup splitting, or error handling. 
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A Archive protection 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


© Actions ools Navigation v Help v 


ak Additional settings 
be 


You can configure additional settings for the backup creation 
process. 


Where to back u 


Location... 


© Show ard 
How to back up 
Backup type 
Validation: 
Parameters 


Backup opti 


4 © Backup performance 
@ HDD writing speed 
$ Backup splitting 
Compression level 
© Error handling 
ba Fast incremental/differential backup 


D Sector-by-sector backup 


11. Click OK to start the backup. 
The bootable media reads data from disk, compresses it into a .tib file, and then writes this file to 
the selected location. It does not create a disk snapshot as there are no running applications. 


OK Cancel 


12. You can check the backup task status and additional information about the backup in the window 
that appears. 
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t Back up n 
Sy d i 


Zé sate 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


The console is connectedo.o-me 


Help v 


Navigation v 


Welcome to 'WIN-2A1NUKBHD7U' 


View details of backup plan 'Backup 5/27/20 10:15:48 AM' 


y Details Progress History What to back up Where t... > 


Name: Backup 5/27/20 10:15:48 AM Next start time: 


Owner: root 


Origin: 
Execution state: 


Status: 


Local 
Idle 
OK 


Speed: 18.26 MB/s 


Last result: 


Actions 
xX 


Backup plan Schedule: Manual 


5/27/20 10:24:48 AM 
5/27/20 10:24:49 AM 


Type: 


Last start time: Comments: 


Last finish time: 


Navigation 


B Tape manag 


11.7.3 Recovery 


The Recovery operation is available in both bootable media created with the Bootable Media Builder 
and downloaded ready-made bootable media. 


To recover data under bootable media 
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1. Boot from Acronis bootable rescue media. 


English US X 


Start the bootable rescue utility. 


2. To recover data to the local machine, click Manage this machine locally. For remote 
connections, refer to Registering media on the management server. 
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Acronis Bootable Agent 


® Manage this machine locally 
d 


Configure network 
Proxy server 
Machine name: Wi-Fi settings 
User name: not specified 
Edit 
DHCP hostname: localhost 


IP address: 10.0.2.15 


You can turn on MouseKeys to control the mouse pointer using the numeric keypad. 
Press either CTRL+M or F10 and control the pointer using the numeric keypad keys. 


| Turn off | Reboot 


3. Click Recover. 


Navigation v Help y 


Welcome to 'WIN-2A1NUKBHD7U' 


The console is connected to a managed machine. Choose the action to perform or the tool to use. 


? Back up now 


ify a backup location and start backing up the machine r 


Actions 


(4) Apply Universal Restore PGP Validate 


ce. Browse vaults 43 Export backup 


Navigation 


B Tape management D Disk management 
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4. In What to recover, click Select data. 


Recover data 
Configure the recovery operation that will start immediately after you click OK at the bottom of the page. 


What to recover 


ose 


Task parameters 


Recovery options... | Default 


5. Click Browse and select the backup location. 
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Acronis C' Data to Recover Selection ES ER 


Recove Browse 
Configure the re Datapa Select where the backed-up data is located 


What to recover BB Create folder BB Rename B® Delete © Cloud storage 


Select data. 


b E Personal Acronis Cloud Backup provides 

Taak parametern you reliable and cost efficient 
offsite data protection. 

p Bp Local folders If a subscription is already 

> & Network folders assigned to this machine, please 

log in. 


> he NFS folders ‘Log in! 


A SFTP servers 


Recovery of 


B Storage nodes 


> BH Tape devices T 


Cancel | 


Select the backup file that you want to recover from. 
Acronis CY — 


Select what you want to recover 


Browse for the backup that contains the required backed-up data. 


Data path: C:/Backups/ Browse... 


Select data, Show: Allarchives ~ © Refresh 


Archive name Owner Locates on Created < Occu.. |Back. Back... Co 


4 B WIN-2A1NUKBHD... WORKGROU.,. WIN-2A1NUK.., 4/29/20 12:51:1... 6.875... 13.15... 
Where to recove 


Destination: [3 Backup #1 429/20 12:5171.5.) 6:88 ve | 13.15.) Full 


Overwriting: .| 10.05... | Full 


{3 Backup #1 5/11/20 6:13:42... 8.617... | 9.923... Full 


< 
© Hide Archives and backups 
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7. Inthe lower left pane, select the drives/volumes (or files/folders) that you want to recover, and 
then click OK. 
8. [Optional] Configure the overwriting rules. 


Recover data 


Configure the recovery operation that will start immediately after you click OK at the bottom of the page. 


What to recover 


Select data... Remove 7 folders, 144 files, 10.03 Hide items ® 


O Folderséfiles: 


Remove (ep 


Where to recover 


Destination: Required 
Recover without full path 


Overwriting: | Overwrite existing files 7 


Recovery exclusions: | 


m Overwrite an existing file if itis older 
© Show access crede 


Do not overwrite existing files 
Task parameters 


Recovery options... | Default 


9. [Optional] Configure the recovery exclusions. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Recover data 


Configure the recovery operation that will start immediately after you click OK at the bottom of the page. 


What to recover 


Select data... Remove 7 folders, 144 files, 10.03 


O Foldersffiles: MB 


Hide items @ 


Remoa fat 


Sourd — 
Where to recover Specify fil Specify the path to exclude a single file, the name to 
RESE z exclude all files with this name, or use wildcard 
Destination: Requirec 
characters to exclude multiple files. 
v| Recov 
Overriting: | E Eile name, path or mask: 


Recovery exclusions: | Not spec 


Cancel 


) Show access credentials — 


ve All 


Task parameters Ook | Cancel 


Recovery options... Default 


Cancel 


10. [Optional] Configure the recovery options. 
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Select data. 


Where to recove 


Destination; 


Overwriting: 
Recovery e 


© Hide accq 


Recovery o 


Review the recovery options and change the settings if necessary 


v} 


© Additional settings 
© Error handling 
8l File-level security 


Æ Tape management 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Pe Additional settings 


You can configure additional settings for the data recovery 
process. 


Set current date and time for recovered files 


Validate backups before recovery 


Restart the machine automatically after recovery is finished 


Ok Cancel 


11. Check that your settings are correct, and then click OK. 


Note 


To recover data to dissimilar hardware, you have to use Acronis Universal Restore. 


Acronis Universal Restore is not available when the backup is located in Acronis Secure Zone. 


11.7.4 Disk management 


With Acronis bootable media you can prepare a disk/volume configuration for recovering the volume 


images backed up with Acronis Cyber Backup. 


Sometimes after the volume has been backed up and its image placed into a safe storage, the 


machine disk configuration might change due to a HDD replacement or hardware loss. In such a case, 
you can recreate the necessary disk configuration so that the volume image can be recovered exactly 
“as it was” or with some alteration of the disk or volume structure you might consider necessary. 


To avoid possible data loss, take all necessary precautions. 
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Note 

All operations on disks and volumes involve a certain risk of data damage. Operations on system, 
bootable or data volumes must be carried out very carefully to avoid potential problems with the 
booting process or hard disk data storage. 

Operations with hard disks and volumes take some time, and any power loss, unintentional turning 
off of the machine or accidental pressing of the Reset button during the procedure could result in 
volume damage and data loss. 


You can perform disk management operations on a bare metal, on a machine that cannot boot or on 
a non-Windows machine. You will need a bootable media that you have created with Bootable Media 
Builder, and by using your Acronis Cyber Backup license key. For more information about how to 
create a bootable media, refer to Linux-based bootable media or Windows-PE based bootable media, 
respectively. 


To perform disk management operations 


1. Boot from Acronis bootable rescue media. 


English US X 


Start the bootable rescue utility. l 


2. To work on the local machine, click Manage this machine locally. For remote connections, 


refer to Registering media on the management server. 
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Acronis Bootable Agent 


® Manage this machine locally 
E: Sm] 


Configure network 
Proxy server 
Machine name: Wi-Fi settings 
User name: not specified 
Edit 
DHCP hostname: localhost 
IP address: 10.0.2.15 


You can turn on MouseKeys to control the mouse pointer using the numeric keypad. 
Press either CT RL+M or F10 and control the pointer using the numeric keypad keys. 


Turn off | Reboot 


3. Click Disk management. 


Navigation v Help y 


Welcome to 'WIN-2A1NUKBHD7U' 


The console is connected to a managed machine. Choose the action to perform or the tool to use. 


? Back up now 
Ey S 


ecify a backup location and start bac 


over 


& A a 


Actions 


(5) Apply Universal Restore 2 validate 


te Browse vaults 43 Export backup 


Navigation 


& Tape management D Disk management 
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Note 
Disk management operations under bootable media may work incorrectly if storage spaces are 
configured on the machine. 


Supported file systems 
The bootable media supports disk management with the following file systems: 


e FAT 16/32 
e NTFS 


If you need to perform operations on a volume with a different file system, use Acronis Disk Director. 
It provides more tools and utilities to manage disks and volumes with the following file systems: 


e FAT 16/32 
e NTFS 

e Ext2 

e Ext3 

e HFS+ 

e HFSX 

e ReiserFS 

e JFS 

e Linux SWAP 


Basic precautions 


To avoid possible disk and volume structure damage or data loss, take all necessary precautions and 
follow these guidelines: 


1. Back up the disk on which volumes will be created or managed. Having your most important data 
backed up to another hard disk, network share or removable media will allow you to work on disk 
volumes knowing that your data is safe. 

2. Test your disk to make sure it is fully functional and does not contain bad sectors or file system 
errors. 

3. Do not perform any disk/volume operations while running other software that has low-level disk 
access. 


Choosing the operating system for disk management 


On a machine with two or more operating systems, representation of disks and volumes depends on 
which operating system is currently running. The same volume might have different letters under 
different operating systems. 


When you perform a disk management operation, you have to specify disk layout for which 
operating system will be displayed. To do so, click the operating system name next to the Disk 
layout label and choose your desired operation system in the window that opens. 


e 


© Navigation v Disk management v Help v 


Disk management 


The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 
Pime a l Capacity Free space Type File system Status 
Disk 1 (MBR) 
© None 100.2GB 61.65 GB Primary MBR Healthy 
© System Reserved 500 MB 156.8 MB Primary MBR Healthy (Active) 
Disk 2 (MBR) 
© Unallocated 25.81 MB 
Basic Disks 
© Disk 1 
Basic MBR > 


100.7 GB 
Healthy 


& Disk 2 

Basic MBR | ; 
25.81 MB 25.81 MB 
Healthy Unallocated 


& Disk3 

Uninitialized 

17.95 MB 

Healthy 
© Primary Unallocated 


Disk operations 
With the bootable media, you can perform the following disk management operations: 


e Disk Initialization - Initializes a new hardware that was added to the system 

e Basic disk cloning - Transfers complete data from a source basic MBR disk to a target disk 
e Disk conversion: MBR to GPT - Converts an MBR partition table to GPT 

e Disk conversion: GPT to MBR - Converts a GPT partition table to MBR 

e Disk conversion: Basic to Dynamic - Converts a basic disk to dynamic 


e Disk conversion: Dynamic to Basic - Converts a dynamic disk to basic 


Disk initialization 
The bootable media shows a non-initialized disk as a gray block with a grayed icon, thus indicating 
that the disk is unusable by the system. 


To initialize a disk 


1. Right-click the desired disk, and then click Initialize. 

2. Inthe Disk Initialization window, set the disk partitioning scheme (MBR or GPT) and the disk 
type (basic or dynamic). 

3. By clicking OK, you will add a pending operation of disk initialization. 
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4. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 

5. After the initialization, the disk space remains unallocated. To be able to use it, you need to create 
avolume onit. 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


© Navigation v Disk management v Help v 


Disk management 
The tool allows you to view and manage dig 
z Commit Disk layout: Windows Server 2016 
An uninitialized disk has been detected 
Volume < system Status 


To be able to manage this disk you need to initialize it. Here you 
Disk 1 (MBR) can initialize the disk. Select the partitioning scheme (GPT or MBR) 
and type (basic or dynamic) of the disk. 


© None > Healthy 


Select all Clear all 


© System Reserved Healthy (Active) 
@ Disk 3 Partitioning scheme: MBR 
Disk 2 (Uninitialized) Uninitialized 
17.95 MB Type: Basic 
Disk 3 (Uninitialized) — ž 
Basic Disks ¥\ Initialize = 


@ Disk 2 Partitioning scheme: MBR - 


© oski E 

Basic MBR S.. Uninitialized 

100 7GB 5. 100.2 GB NTF 25.81 MB Type: 
Pr... | Primary; (uns — 


Healthy oe 


@ Disk 3 
Uninitialized 
17.95 MB v 
£ 


6 Primary E Unsupported by current OS Unallocated 


~“ 


Basic disk cloning 


With a full-featured Linux-based bootable media, you can clone basic MBR disks. Disk cloning is not 
available in the ready-made bootable media that you can download or in a bootable media that is 
created without a license key. 


Note 
You can also clone disks by using the Acronis Cyber Backup Command-Line utility. 


To clone basic disks under bootable media 
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1. Boot from Acronis bootable rescue media. 


English US X 


Start the bootable rescue utility. 


2. To clone a disk of the local machine, click Manage this machine locally. For remote connection, 
refer to Registering media on the management server. 
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Acronis Bootable Agent 


® Manage this machine locally 
E: Sm] 


Configure network 
Proxy server 
Machine name: Wi-Fi settings 
User name: not specified 
Edit 
DHCP hostname: localhost 
IP address: 10.0.2.15 


You can turn on MouseKeys to control the mouse pointer using the numeric keypad. 
Press either CT RL+M or F10 and control the pointer using the numeric keypad keys. 


Turn off | Reboot 


3. Click Disk management. 
e 


© Actions v Tools v Navigation v Help v 
Welcome to 'WIN-2A1NUKBHD7U' 


The console is connected to a managed machine. Choose the action to perform or the tool to use. 


? Back up now 
J 
~ F 


fya backup location and start backing uy 


ver 


=<. om an earlier create 


Actions 


(9) Apply Universal Restore we Validate 


£. Browse vaults {3 Export backup 


Navigation 


B Tape management D Disk management 
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4. The available disks are displayed. Right-click the disk that you want to clone, and then click Clone 
basic disk. 


Note 
You can clone only entire disks. Partition cloning is not available. 


Navigation v Disk management v Help v 
Disk management 


The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 


Disk layout: Windows Server 2016 


Volume Capacity Freespace Type File system Status 


100.2GB 61.79 GB Primary M... Healthy 
É System Reserved 500 MB 156.8 MB Primary M... Healthy (Active) 


Disk 2 (MBR) 


© Unallocated 25.81 MB 


Q Disk 1 | 
Basic MBR >- f T 
100.7 GB » | 100.2 GB NTFS 
Healthy w | Primary; (unsupported); Healthy 


& Disk2 

Basic MBR |_| 

25.81 MB 25.8 
a 


Healthy Unallocated 


Conver to dynamic 


— Create volume 
D Primar eft OS Unallocated 
Clone basic disk 


5. Alist of possible target disks is displayed.The program allows you to select a target disk if it is large 


enough to hold all the data from the source disk without any loss. Select a target disk, and then 
click Next. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


tion v Disk management v Help v 

Disk management 

The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 

i¢) Disk layout: Windows Server 2016 
Volume < 

A 
Disk 1 (MBR) 
Select a target disk: 
© None 


Name * Capacity Usedspace Volumes 


© System Reserve Basic Disks 


Disk 2 (MBR) 


100.7 GB 38.76 GB System Reserved, NONE 


© Unallocated 


25.81 MB 


© Diski & 
Basic MBR >- 


olor tele) ©.. 
Healthy Pr.. 


& Disk2 

Basic MBR 
25.81 MB 25.81 
Healthy Unallo 


he) Primary E 


{v 


Cancel 


If the target disk is larger, you can clone the disk as is or resize the source disk volumes 
proportionally (default option), in order to avoid leaving unallocated space on the target disk. 

If the target disk is smaller, only proportional resizing is available. If safe cloning is impossible even 
with the proportional resizing, the you will not be able to continue the operation. 


Important 
If there is data on the target disk, you will see the warning: "The selected target disk is not empty. 


The data on its volumes will be overwritten." If you proceed, all the data that is currently on the 
target disk will be lost irrevocably. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Disk ma 


Disk management 


The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 


Disk layout: Windows Server 2016 


Volume < 
Clone the source disk: 


Disk 1 (MBR) OAsis À 


@ Use proportional volume resizing 
© None 


@ Disk 2 
Basic MBR 


25.81 MB 25.81 MB 
Healthy Unallocated 


© System Reserve’ 


Disk 2 (MBR) 


© Unallocated Advanced options: 


|< 


Copy NT signature 


Shut down the machine after the operation 


© Diski & 
Basic MBR S- 
100.7 GB 5... 
Healthy Pr. 
@ Disk2 
Basic MBR 


25.81 MB 
Healthy 


~ Description 


Volumes of the target disk will be resized in proportion to the size of the source 
volumes, 


17.95 
Unallo 


< Back Cancel 


© Primary © Unsu 


Select whether to copy the NT signature or not. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


© Navigation v Disk management v Help y 
Disk management 


The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 


W A eco 


Disk layout: Windows Server 2016 


Volume < 
Clone the source disk: 
= " A 
Disk 1 (MBR) O Asis 
@ Use proportional volume resizing 
© None 


\ Disk 2 


© System Reserve 


Disk 2 (MBR) 
© Unallocated Advanced options: re 
Copy NT signature hut down the machine after the operation a 
& Disk] a 


- Description 


Volumes of the target disk will be resized in proportion to the size of the source 
volumes, 


® Disk 2 


BasicMBR 
25.81 MB S 


Healthy 


v 


If you are cloning a disk comprising a system volume, you need to retain the operating system 
bootability on the target disk volume. It means that the operating system must have the system 
volume information (for example, volume letter) matched with the disk NT signature, which is 
kept in the MBR disk record. However, two disks with the same NT signature cannot work 
properly under one operating system. 
If there are two disks with the same NT signature that comprise a system volume on a machine, at 
the startup the operating system runs from the first disk, discovers the same signature on the 
second one, and then automatically generates a new unique NT signature and assigns it to the 
second disk. As a result, all the volumes on the second disk will lose their letters, all paths will not 
be valid anymore, and programs won't find their files. The operating system on that disk will be 
unbootable. 
To retain system bootability on the target disk volume you can: 
a. Copy the NT signature - provide the target disk with the source disk NT signature matched 
with the registry keys that will also be copied on the target disk. 
To do so, select the Copy NT signature check box. 
You will receive the warning: “If there is an operating system on the hard disk, uninstall either 
the source or the target hard disk drive from your machine prior to starting the machine again. 
Otherwise, the OS will start from the first of the two, and the OS on the second disk will become 


unbootable.” 
The Shut down the machine after the operation check box is selected and disabled 


< Back Cancel 


© Primary © Unsu 


automatically. 


271 © Acronis International GmbH, 2003-2021 


b. Leave the NT signature - keep the old target disk signature and update the operating 
system according to the signature. 


To do so, click to clear the Copy NT signature check box, if necessary. 
The Shut down the machine after the operation check box will be cleared automatically. 


Click Finish to add a pending operation of disk cloning. 
Click Commit, and then click Proceed in the Pending Operations window. Exiting the program 
without committing the operation will effectively cancel it. 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


e) 89 Commit 3 operations e- T | Disk layout: Windows Server 2016 


Volume 


Disk 1 (MBR) 
© None 1 Hard disk: Disk 3 
Scheme: Uninitialized -> MBR 
© System Reserved Active) 
Disk 2 (MBR) | | Operation 3 of 3 Copying partition 
Source disk: Disk 3 
Ə Unallocated 2 
Tai Target disk: Disk 2 % 
Cloning method: Proportional volume ^ 
&? Disk1 | resizing 
Basic MBR S- | Copy NT signature: No 
100.7 GB 5.. 100.2 GB NTFS 
Ñ Healthy Pr... | Primary; (unsupported 
_ Click Proceed to start. 
& Disk 2 | ; Cancel 
Basic MBR _ 
25.81 MB 25 
Healthy 


v 


6 Primary Unsupported by current OS Unallocated 


EN-US 


9. If you chose to copy the NT signature, wait until the operation is completed and the computer is 
turned off, and then disconnect either the source or the target hard disk drive from the machine. 


Disk conversion: MBR to GPT 


You might want to convert an MBR basic disk to a GPT basic disk if you need: 


e More than 4 primary volumes on one disk. 


e Additional disk reliability against any possible data damage. 


Important 
The basic MBR disk that contains the boot volume with the currently running operating system 
cannot be converted to GPT. 


To convert a basic MBR disk to basic GPT disk 
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1. Right-click the disk that you want to clone, and then click Convert to GPT. 
2. By clicking OK, you will add a pending operation of MBR to GPT disk conversion. 


3. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


Note 

A GPT-partitioned disk reserves the space in the end of the partitioned area necessary for the backup 
area, which stores copies of the GPT header and the partition table. If the disk is full and the volume 
size cannot be automatically decreased, the conversion operation of the MBR disk to GPT will faill. 
The operation is irreversible. If you have a primary volume belonging to an MBR disk and convert the 
disk first to GPT and then back to MBR, the volume will become logical and cannot be used as a 
system volume. 


Dynamic disk conversion: MBR to GPT 


The bootable media does not support direct MBR to GPT conversion for dynamic disks. However, 
you can perform the following conversions to reach this goal: 


1. MBR disk conversion: dynamic to basic using the Convert to basic operation. 
2. Basic disk conversion: MBR to GPT using the Convert to GPT operation. 


3. GPT disk conversion: basic to dynamic using the Convert to dynamic operation. 


Disk conversion: GPT to MBR 


If you plan to install an OS that does not support GPT disks, conversion of the GPT disk to MBR is 
possible. 


Important 
The basic GPT disk that contains the boot volume with the currently running operating system 
cannot be converted to MBR. 


To convert a GPT disk to MBR 


1. Right-click the disk that you want to clone, and then click Convert to MBR. 

2. By clicking OK, you will add a pending operation of GPT to MBR disk conversion. 

3. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


Note 
After the operation, the volumes on this disk will become logical. This change is irreversible. 


Disk conversion: basic to dynamic 


You might want to convert a basic disk to dynamic if you: 


e Plan to use the disk as part of a dynamic disk group 


e Want to achieve additional disk reliability for data storage 


To convert a basic disk to dynamic 


1. Right-click the disk that you want to convert, and then click Convert to dynamic. 
2. Click OK. 


The conversion will be performed immediately and your machine will be rebooted, if necessary. 


Note 

A dynamic disk occupies the last megabyte of the physical disk to store the database, including the 
four-level description (Volume-Component-Partition-Disk) for each dynamic volume. If during the 
conversion to dynamic it turns out that the basic disk is full and the size of its volumes cannot be 
decreased automatically, the operation will fail. 

Conversion of disks comprising system volumes takes some time and any power loss, unintentional 
turning off of the machine or accidental pressing of the Reset button during the procedure could 
result in bootability loss. 


In contrast to Windows Disk Manager, the program ensures bootability of an offline operating 
system on the disk after the operation. 


Disk conversion: dynamic to basic 


You might want to convert dynamic disks back to basic ones, for example, if you want to use an 
operation system that does not support dynamic disks. 


To convert a dynamic disk to basic: 


1. Right-click the disk that you want to convert, and then click Convert to basic. 
2. Click OK. 


The conversion will be performed immediately and your machine will be rebooted, if necessary. 


Note 
This operation is not available for dynamic disks that contain Spanned, Striped, or RAID-5 volumes. 


After the conversion, the last 8Mb of disk space is reserved for a future conversion of the disk from 

basic to dynamic. In some cases the possible unallocated space and the proposed maximum volume 
size might differ (for example, when the size of one mirror establishes the size of the other mirror, or 
the last 8Mb of disk space are reserved for the future conversion of the disk from basic to dynamic). 


Note 

Conversion of disks comprising system volumes takes some and any power loss, unintentional 
turning off of the machine or accidental pressing of the Reset button during the procedure could 
result in bootability loss. 


In contrast to Windows Disk Manager, the program ensures: 


e Safe conversion of a dynamic disk to basic when it contains volumes with data for simple and 
mirrored volumes 


e In multiboot systems, bootability of a system that was offline during the operation 


Volume operations 
With the bootable media, you can perform the following operations on volumes: 


e Create Volume - Creates a new volume 

e Delete Volume - Deletes the selected volume 

e Set Active - Sets the selected volume active so that the machine will be able to boot with the OS 
installed there 

e Change Letter - Changes the selected volume letter 

e Change Label - Changes the selected volume label 


e Format Volume - Formats a volume with the a file system 


Types of dynamic volumes 


11.7.5 Simple Volume 


Avolume created from free space on a single physical disk. It can consist of one region on the 
disk or several regions, virtually united by the Logical Disk Manager (LDM). It provides neither 
additional reliability or speed improvement, nor extra size. 


11.7.6 Spanned Volume 


Avolume created from free disk space virtually linked together by the LDM from several 
physical disks. Up to 32 disks can be included into one volume, thus overcoming the hardware size 
limitations. However, even if just one disk fails, all data will be lost. Also, no part of a spanned volume 
can be removed without destroying the entire volume. So, a spanned volume does not provide 
additional reliability or a better I/O rate. 


11.7.7 Striped Volume 


Avolume, also called RAID 0, consisting of equal sized stripes of data, written across each disk 
in the volume. That is, to create a striped volume, you need two or more dynamic disks. The disks in a 
striped volume don't have to be identical, but there must be unused space available on each disk that 
you want to include in the volume. The size of the volume will depend on the size of the smallest 
space. Access to the data on a striped volume is usually faster than access to the same data ona 
single physical disk, because the I/O is spread across more than one disk. 


Striped volumes are created for improved performance, not for their better reliability - they 
don't contain redundant information. 


11.7.8 Mirrored Volume 


A fault-tolerant volume, also called RAID 1, whose data is duplicated on two identical physical 
disks. All of the data on one disk is copied to another disk to provide data redundancy. Almost any 


volume can be mirrored, including the system and boot volumes, and if one of the disks fails, the data 
can still be accessed from the remaining disks. Unfortunately, the hardware limitations on size and 
performance are even more severe with the use of mirrored volumes. 


11.7.9 Mirrored-Striped Volume 


A fault-tolerant volume, also sometimes called RAID 1+0, combining the advantage of the 
high I/O speed of the striped layout and redundancy of the mirror type. The disadvantage remains 
inherent with the mirror architecture - a low disk-to-volume size ratio. 


11.7.10 RAID-5 


A fault-tolerant volume whose data is striped across an array of three or more disks. The 
disks don't need to be identical, but there must be equally sized blocks of unallocated space available 
on each disk in the volume. Parity (a calculated value that can be used to reconstruct data in case of 
failure) is also striped across the disk array and it is always stored on a different disk than the data 
itself. If a physical disk fails, the portion of the RAID-5 volume that was on that failed disk can be re- 
created from the remaining data and the parity. A RAID-5 volume provides reliability and is able to 
overcome the physical disk size limitations with a higher than mirrored disk-to-volume size ratio. 


Create a volume 


You might need anew volume to: 


e Recover a previously saved backup copy in the “exactly as was” configuration 


e Store collections of similar files separately — for example, an MP3 collection or video files on a 
separate volume 


e Store backups (images) of other volumes/disks on a special volume 
e Install a new operating system (or swap file) on a new volume 
e Add new hardware to a machine 


To create a volume 


1. Right-click any unallocated space in a disk, and then click Create volume. The Create volume 
wizard opens. 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Disk managementy Help v 


fjotable media environment 


Volume + Status 


| Volume type < 
Disk 1 (MBR) | 


pu eu FE EFH ~ 


© None 


- Description 


Basic volume is a volume located on a basic disk. These 
volumes are not fault-tolerant. 


ealthy 
Simple/Spann... 


© System Reserved ealthy (Active) 
Striped 


Disk 2 (MBR) roe 
Irrore: 


RAID-5 hd 


© Diski Æ 
Basic MBR $ 
100.7 GB 5 
Healthy 


& Disk2 
Basic MBR 
25.81 MB 
Healthy 


23.5 MB NTFS 
Primary; Healt! 


2.28 MB 
Unalloc... 


@ Disk 3 
Basic MBR 
17.95 MB 
Healthy 
(a Primary 


Your OS supports this type of volume. 


< Bach Cancel 


2. Select the type of volume. The following options are available: 
e Basic 
e Simple/Spanned 
e Striped 
e Mirrored 
e RAID-5 
If the current operating system does not support the selected type of volume, you will receive a 


warning and the Next button will be disabled. You have to select another type of volume to 
proceed. 


3. Specify the unallocated space or select destination disks. 
e Fora basic volume, specify the unallocated space on the selected disk. 
e Forasimple/spanned volume, select one or more destination disks. 
e For a mirrored volume, select two destination disks. 
e For a striped volume, select two or more destination disks. 
e ForaRAID-5 volume, select three destination disks 


If you are creating a dynamic volume and select one or several basic disks as its destination, you 
will receive a warning that the selected disk will be converted to dynamic automatically. 
4. Set the volume size. 


The maximum value normally reflects the maximum unallocated space possible. In some cases, 
the proposed maximum value might differ - for example, when the size of one mirror establishes 
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the size of the other mirror, or the last 8Mb of the disk space are reserved for the future 
conversion of the disk from basic to dynamic. 
You can choose the position of a new basic volume on a disk, if the unallocated space on that disk 
is bigger than the volume. 

5. Set the volume options. 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Disk managementy Help v 
Disk management 
The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 
£) 84 Comme Create Volume Wizard BEJ: Bootable media environment 


Volume + , sm Status 
File system: |NTFS X Type 
; © Primary | a B 
Disk 1 (MBR) Cluster size: 512 bytes (Default} , 
Active 
© None Volume label: 9 Logical Healthy 
© System Reserved Letter; None Healthy (Active) 


Disk 2 (MBR) 


© Unallocated 


B: ks 


Q Diski Æ 
Basic MBR 
100.7 GB 

Healthy 


- Description 
File system is a structure in which files are named, stored, and organized. 


Cluster is the smallest amount of disk space to hold a file. The smaller the cluster 
size, the more efficiently a disk stores information. 


& Disk3 
Uninitialized 
17.95 MB 
Healthy 

o Primary Unal 


< Back Cancel 


You can assign the volume Letter (by default - the first free letter of the alphabet) and optionally 
- a Label (by default - none). You must also specify the File system and the Cluster size. 


The possible file systems options are: 

e FAT16 (disabled if the volume size has been set at more than 2 GB) 

e FAT32 (disabled if the volume size has been set at more than 2 TB) 

e NTFS 

e Leave the volume unformatted. 

When setting the cluster size, you can choose any number in the preset amount for each file 
system. The cluster size that is suggested by default is best suited to the volume with the chosen 
file system. If you set a 64K cluster size for FAT16/FAT32 or on 8KB-64KB cluster size for NTFS, 
Windows can mount the volume, but some programs (for example, Setup programs) might 
calculate its disk space incorrectly. 

If you are creating a basic volume, which can be made a system volume, you can also select the 
volume type — Primary (Active Primary) or Logical. Typically, Primary is selected when you 
want to install an operating system to a volume. Select the Active (default) value if you want to 
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install an operating system on this volume to boot at machine startup. If the Primary button is 
not selected, the Active option will be inactive. If the volume is intended for data storage, select 
Logical. 


Note 

A basic disk can contain up to four primary volumes. If they already exist, the disk will have to be 
converted into dynamic, otherwise Active and Primary options will be disabled and you will only 
be able to select the Logical volume type. 


Click Commit, and then click Proceed in the Pending Operations window. Exiting the program 
without committing the operation will effectively cancel it. 


Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


tion v Help v 
Disk management 
The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 
4) | 24 Com ns Disk layout: Bootable media environment 


Volume + Disk management is ready to proceed with physical data File system Status 
Disk 1 (MBR) processing. Here is the list of operations to be performed: a 
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@ None peration 1 0 anging partitioning scheme NTFS Healthy 
Hard disk: Disk 2 
© System Reserved Scheme: Uninitialized -> MBR NTFS Healthy (Active) 
Disk 2 (MBR) 
Operation 2 of 2 Creating volume 
ene Volume type: Basic NTRS Meeting v 
Hard disk: Disk 2 (23.5 MB of 25.81 A 
MB) 
Offset: 31.5 KB 
Volume size: 23.5 MB 
Basic volume Primary 
Click Proceed to start. 
© pisk2 Cancel 
) Dis 
Basic MBR A P 
25.81 MB AB NTFS 2.28 MB 
Healthy ry; Healthy Unalloc... 
& Disk3 
Uninitialized X 
17.95 MB 
Healthy = 
B Primary Unallocated 


Delete a volume 


To delete a volume 


ile 
2. 


Right-click the volume that you want to delete. 
Click Delete volume . 


Note 
All the information on this volume will be lost irrevocably. 


By clicking OK, you will add a pending operation of volume deletion. 
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4. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


After a volume is deleted, its space is added to unallocated disk space. You can use it to create a new 
volume or to change another volume's type. 


Set active volume 


If you have several primary volumes, you must specify one to be the boot volume. For this, you can 
set a volume to become active. A disk can have only one active volume. 


To set a volume active: 


1. Right-click the desired primary volume on a basic MBR, and then click Mark as active. 
If there is no other active volume in the system, the pending operation of setting active volume 
will be added. If another active volume is present in the system, you will receive a warning that the 
previous active volume must be set passive first. 


Note 
Due to setting the new active volume, the former active volume letter might be changed and 
some of the installed programs might stop running. 


2. By clicking OK, you will add a pending operation of setting active volume. 


Note 

Even if you have the operating system on the new active volume, in some cases the machine will 
not be able to boot from it. You will have to confirm your decision to set the new volume as 
active. 


3. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


Change volume letter 


Windows operating systems assign letters (C:, D:, etc) to hard disk volumes at startup. These letters 
are used by applications and operating systems to locate files and folders in the volumes. Connecting 
an additional disk, as well as creating or deleting a volume on existing disks, might change your 
system configuration. As a result, some applications might stop working normally or user files might 
not be automatically found and opened. To prevent this, you can manually change the letters that 
are automatically assigned to the volumes by the operating system. 


To change a letter assigned to a volume by the operating system 


1. Right-click the desired volume, and then click Change letter. 

2. Inthe Change Letter window, select a new letter . 

3. By clicking OK, you will add a pending operation of volume letter assignement. 
4 


To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


Change volume label 
The volume label is an optional attribute. It is a name assigned to a volume for easier recognition. 
To change a volume label 


1. Right-click the desired volume, and then click Change label. 

2. Enter anew label in the Change label window text field. 

3. By clicking OK, you will add a pending operation of changing the volume label. 
4 


. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


Format volume 
You might want to format a volume if you want to change its file system: 


e To Save additional space which is being lost due to the cluster size on the FAT16 or FAT32 file 
systems 


e Asaquick and more or less reliable way of destroying data, residing in this volume 
To format a volume: 


1. Right-click the desired volume, and then click Format. 
2. Select the cluster size and file system. The possible file systems options are: 
e FAT16 (disabled if the volume size has been set at more than 2 GB) 
e FAT32 (disabled if the volume size has been set at more than 2 TB) 
e NTFS 
By clicking OK, you will add a pending operation of formatting a volume. 


4. To complete the added operation, commit it. Exiting the program without committing the 
operation will effectively cancel it. 


Pending operations 


All operations are considered pending until you issue and confirm the Commit command. Thus you 
can control all planned operations, double-check the intended changes, and cancel any operation 
before is is executed, if necessary. 


The Disk management view contains the toolbar with icons for Undo, Redo and Commit actions 
intended for pending operations. These actions might also be launched from the Disk 
management menu. 


e 
© Navigation v 
Disk management 
The tool allows you to view and manage disk properties (powered by Acronis Disk Director(T M)). 
TE 


Volume a 


Disk management v Help v 


Capacity Free space 
Disk 1 (MBR) 
100.2 GB 


© None 61.65 GB Primary MBR 


© System Reserved 500 MB 156.8 MB Primary MBR 


Disk 2 (MBR) 


© None 23.5 MB 


21.3 MB Primary MBR 


Disk layout: Bootable media environment 


File system Status 


Healthy 


Healthy (Active) 


NTFS Healthy 


Basic Disks 
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Basic MBR >- 
100.7 GB 5.. |100.2 GB NTFS 
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Basic MBR 
25.81 MB 
Healthy 


23.5 MB NTFS 
Primary; Healthy 


Unallocated 


All planned operations are added to the pending operation list. 


2,28 MB 
Unalloc... 


The Undo action lets you undo the latest operation in the list. While the list is not empty, this action is 


available. 


The Redo action lets you reinstate the last pending operation that was undone. 


The Commit action forwards you to the Pending Operations window, where you will be able to 


view the pending operation list. 


To launch their execution, click Proceed. 


Note 
You will not be able to undo any actions or operations after you choose the Proceed operation! 


If you don't want to proceed with the commitment, click Cancel. Then no changes will be made to 
the pending operation list. Quitting the program without committing the pending operations also 


effectively cancels them. 
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Acronis Cyber Backup - Connected to This Machine (Local Connection) as root 


Disk management v Help v 


Disk management 


The tool allows you to view and manage disk properties (powered by Acronis Disk Director(TM)). 


4) ©! 89 Commit 2 operations 


Disk layout: Bootable media environment 


File system Status 
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Cancel 
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11.8 Configuring iSCSI devices 


This section describes how to configure Internet Small Computer System Interface (iSCSI) devices 
when working under bootable media. After performing the steps below, you will be able to use these 
devices as if they were locally attached to the machine booted with bootable media. 


An iSCSI target server (or target portal) is a server that hosts an iSCSI device. An iSCSI target is a 
component on the target server; this component shares the device and lists iSCSI initiators that are 
allowed access to the device. An iSCSI initiator is a component on a machine; this component 
provides interaction between the machine and an iSCSI target. When configuring access to an iSCSI 
device on a machine booted with bootable media, you need to specify the iSCSI target portal of the 
device and one of the iSCSI initiators listed in the target. If the target shares several devices, you will 


get access to all of them. 
To add an iSCSI device in a Linux-based bootable media 


1. Click Tools > Configure iSCSI/NDAS devices. 

2. Click Add host. 
Specify the IP address and port of the iSCSI target portal, and the name of any iSCSI initiator that 
is allowed access to the device. 
If the host requires authentication, specify the user name and password for it. 

5. Click OK. 
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6. Select the iSCSI target from the list, and then click Connect. 


If CHAP authentication is enabled in the iSCSI target settings, you will be prompted for credentials 
to access the iSCSI target. Specify the same user name and target secret as in the iSCSI target 
settings. Click OK. 


8. Click Close to close the window. 
To add an iSCSI device in a PE-based bootable media 


1. Click Tools > Run the iSCSI Setup. 

2. Click the Discovery tab. 

3. Under Target Portals, click Add, and then specify the IP address and port of the iSCSI target 
portal. Click OK. 

4. Click the General tab, click Change, and then specify the name of any iSCSI initiator that is 
allowed access to the device. 

5. Click the Targets tab, click Refresh, select the iSCSI target from the list, and then click Connect. 
Click OK to connect to the iSCSI target. 

6. If CHAP authentication is enabled in the iSCSI target settings, you will see the Authentication 
Failure error. In this case, click Connect, click Advanced, select the Enable CHAP log on check 
box, and then specify the same user name and target secret as in the iSCSI target settings. Click 
OK to close the window, and then click OK to connect to the iSCSI target. 

7. Click OK to close the window. 


11.9 Startup Recovery Manager 


Startup Recovery Manager is a bootable component residing on the system disk in Windows, or on 
the /boot partition in Linux and configured to start at boot time on pressing F11. It eliminates the 
need for a separate media or network connection to start the bootable rescue utility. 


Startup Recovery Manager is especially useful for traveling users. If a failure occurs, reboot the 
machine, wait for the prompt "Press F11 for Acronis Startup Recovery Manager..." to appear, and 
then press F11. The program will start and you can perform recovery. 


You can also back up using Startup Recovery Manager, while on the move. 


On machines with the GRUB boot loader installed, you select the Startup Recovery Manager from the 
boot menu instead of pressing F11. 


A machine booted with Startup Recovery Manager can be registered on the management server 
similarly to a machine booted from bootable media. To do this, click Tools > Register media on the 
management server, and then follow the step-by-step procedure described in "Registering media 
on the management server". 


11.9.1 Activating Startup Recovery Manager 


Ona machine running Agent for Windows or Agent for Linux, Startup Recovery Manager can be 
activated by using the backup console. 


To activate Startup Recovery Manager in the backup console 


1. Select the machine that you want to activate Startup Recovery Manager on. 
2. Click Details. 

3. Enable the Startup Recovery Manager switch. 

4. Wait while the software activates Startup Recovery Manager. 


To activate Startup Recovery Manager on a machine without an agent 


1. Boot the machine from bootable media. 
2. Click Tools > Activate Startup Recovery Manager . 


3. Wait while the software activates Startup Recovery Manager. 


11.9.2 What happens when you activate Startup Recovery Manager 


Activation enables the boot-time prompt "Press F11 for Acronis Startup Recovery Manager..." (if you 
do not have the GRUB boot loader) or adds the" Startup Recovery Manager" item to GRUB's menu 
(if you have GRUB). 


Note 
The system disk (or, the /boot partition in Linux) should have at least 100 MB of free space to 
activate Startup Recovery Manager. 


Unless you use the GRUB boot loader and it is installed in the Master Boot Record (MBR), Startup 
Recovery Manager activation overwrites the MBR with its own boot code. Thus, you may need to 
reactivate third-party boot loaders if they are installed. 


Under Linux, when using a boot loader other than GRUB (such as LILO), consider installing it to a 
Linux root (or boot) partition boot record instead of the MBR before activating Startup Recovery 
Manager. Otherwise, reconfigure the boot loader manually after the activation. 


11.9.3 Deactivating Startup Recovery Manager 
Deactivation is performed similarly to activation. 


Deactivation disables the boot time prompt "Press F11 for Acronis Startup Recovery Manager..." (or, 
the menu item in GRUB). If Startup Recovery Manager is not activated, you will need one of the 
following to recover the system when it fails to boot: 


e boot the machine from a separate bootable media 


e use network boot from a PXE server or Microsoft Remote Installation Services (RIS) 


11.10 Acronis PXE Server 


Acronis PXE Server allows for booting machines to Acronis bootable components through the 
network. 


Network booting: 


e eliminates the need to havea technician onsite to install the bootable media into the system that 
must be booted 

e during group operations, reduces the time required for booting multiple machines as compared to 
using physical bootable media. 


Bootable components are uploaded to Acronis PXE Server using Acronis Bootable Media Builder. To 
upload bootable components, start the Bootable Media Builder, and then follow the step-by-step 
instructions described in "Linux-based bootable media". 


Booting multiple machines from the Acronis PXE Server makes sense if there is a Dynamic Host 
Control Protocol (DHCP) server on your network. Then the network interfaces of the booted 
machines will automatically obtain IP addresses. 


Limitation: 


Acronis PXE Server does not support UEFI boot loader. 


11.10.1 Installing Acronis PXE Server 
To install Acronis PXE Server 


1. Logonasan administrator and start the Acronis Cyber Backup setup program. 

2. [Optional] To change the language the setup program is displayed in, click Setup language. 

3. Accept the terms of the license agreement and select whether the machine will participate in the 
Acronis Customer Experience Program (ACEP). 


4. Click Customize installation settings. 
Next to What to install, click Change. 
6. Select the PXE Server check box. If you do not want to install other components on this machine, 
clear the corresponding check boxes. Click Done to continue. 
[Optional] Change other installation settings. 
Click Install to proceed with the installation. 


9. After the installation completes, click Close. 


Acronis PXE Server runs as a service immediately after installation. Later on it will automatically 
launch at each system restart. You can stop and start Acronis PXE Server in the same way as other 
Windows services. 


11.10.2 Setting up a machine to boot from PXE 
For bare metal, it is enough that the machine's BIOS supports network booting. 


Ona machine that has an operating system on the hard disk, the BIOS must be configured so that 
the network interface card is either the first boot device, or at least prior to the Hard Drive device. The 
example below shows one of reasonable BIOS configurations. If you don't insert bootable media, the 
machine will boot from the network. 


Netuork boot fron AND An?9CI?OA 


In some BIOS versions, you have to save changes to BIOS after enabling the network interface card 
so that the card appears in the list of boot devices. 


If the hardware has multiple network interface cards, make sure that the card supported by the BIOS 
has the network cable plugged in. 


11.10.3 Work across subnets 


To enable the Acronis PXE Server to work in another subnet (across the switch), configure the switch 
to relay the PXE traffic. The PXE server IP addresses are configured on a per-interface basis using IP 
helper functionality in the same way as DHCP server addresses. For more information please refer to: 
https://support. microsoft.com/en-us/help/257579/pxe-clients-do-not-receive-an-ip-address-from-a- 
dhcp-server. 
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12 Protecting mobile devices 


The backup app allows you to back up your mobile data to the Cloud storage and then recover it in 


case of loss or corruption. Note that backup to the cloud storage requires an account and the Cloud 


subscription. 


12.1 Supported mobile devices 


You can install the backup app on a mobile device that runs one of the following operating systems: 


iOS 10.3 and later (iPhone, iPod, and iPads) 
Android 5.0 and later 


12.2 What you can back up 


Contacts 
Photos 
Videos 
Calendars 


Reminders (only on iOS devices) 


12.3 What you need to know 


You can back up the data only to the cloud storage. 

Any time you open the app, you will see the summary of data changes and can start a backup 

manually. 

The Continuous backup functionality is enabled by default. If this setting is turned on: 

o For Android 7.0 or higher, the backup app automatically detects new data on-the-fly and 
uploads it to the Cloud. 

o For Android 5 and 6, it checks for changes every three hours. You can turn off continuous 
backup in the app settings. 

The Use Wi-Fi only option is enabled by default in the app settings. If this setting is turned on, the 

backup app will back up your data only when a Wi-Fi connection is available. If the Wi-Fi connection 

is lost, a backup process does not start. For the app to use cellular connection as well, turn this 
option off. 

You have two ways to save energy: 

o The Back up while charging functionality which is disabled by default. If this setting is turned 
on, the backup app will back up your data only when your device is connected to a power 
source. When the device is disconnected from a power source during a continuous backup 
process, the backup is paused. 
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o The Save power mode which is enabled by default. If this setting is turned on, the backup app 
will back up your data only when your device battery is not low. When the device battery gets 
low, the continuous backup is paused. This option is available for Android 8 or higher. 

You can access the backed-up data from any mobile device registered under your account. This 

helps you transfer the data from an old mobile device to a new one. Contacts and photos from an 

Android device can be recovered to an iOS device and vice versa. You can also download a photo, 

video, or contact to any device by using the backup console. 

The data backed up from mobile devices registered under your account is available only under this 

account. Nobody else can view or recover your data. 

In the backup app, you can recover only the latest data versions. If you need to recover from a 

specific backup version, use the backup console on either a tablet or a computer. 

[Only for Android devices] If an SD card is present during a backup, the data stored on this card is 

also backed up. The data will be recovered to an SD card, to the folder Recovered by Backup if it 

is present during recovery, or the app will ask for a different location to recover the data to. 


2.4 Where to get the backup app 


On the mobile device, open a browser and go to https://backup.acronis.com/. 

Sign in with your account. 

Click All devices > Add. 

Under Mobile devices, select the device type. 

Depending on the device type, you will be redirected to the App Store or to the Google Play Store. 
[Only on iOS devices] Click Get. 

Click Install to install the backup app. 


2.5 How to start backing up your data 


Open the app. 
Sign in with your account. 


Tap Set up to create your first backup. 


1. 
2. 


Select the data categories that you want to back up. By default, all categories are selected. 
[optional step] Enable Encrypt Backup to protect your backup by encryption. In this case, you 
will need to also: 

a. Enter an encryption password twice. 


Note 
Make sure you remember the password, because a forgotten password can never be restored 
or changed. 


b. Tap Encrypt. 
Tap Back up. 


4. Allowthe app access to your personal data. If you deny access to some data categories, they will 


not be backed up. 


The backup starts. 


12.6 How to recover data to a mobile device 


Open the backup app. 


1 

2. Tap Browse. 
3. 
4 


Tap the device name. 

Do one of the following: 

e To recover all of the backed-up data, tap Recover all. No more actions are required. 

e To recover one or more data categories, tap Select, and then tap the check boxes for the 
required data categories. Tap Recover. No more actions are required. 


e To recover one or more data items belonging to the same data category, tap the data category. 
Proceed to further steps. 


Do one of the following: 
e To recover a single data item, tap it. 


e To recover several data items, tap Select, and then tap the check boxes for the required data 
items. 


Tap Recover. 


12.7 How to review data via the backup console 


On a computer, open a browser and type the backup console URL. 


1 

2. Signin with your account. 
3. 
4 


In All devices, click Recover under your mobile device name. 
Do any of the following: 


e To download all photos, videos, contacts, calendars, or reminders, select the respective data 
category. Click Download. 
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e To download individual photos, videos, contacts, calendars, or reminders, click the respective 
data category name, and then select the check boxes for the required data items. Click 
Download. 


iPhone 7 Photos © ®© 


Name v © Download 


IMG_0175.JPG IMG_0165.JPG IMG_0206.JPG 


É EA 

Ç. A 
e To preview a photo or a contact, click the respective data category name, and then click the 
required data item. 
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13 Protecting Microsoft applications 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


13.1 Protecting Microsoft SQL Server and Microsoft 
Exchange Server 


There are two methods of protecting these applications: 


« Database backup 
This is a file-level backup of the databases and the metadata associated with them. The databases 
can be recovered to a live application or as files. 

e Application-aware backup 
This is a disk-level backup that also collects the applications' metadata. This metadata enables 
browsing and recovery of the application data without recovering the entire disk or volume. The 
disk or volume can also be recovered as a whole. This means that a single solution and a single 
backup plan can be used for both disaster recovery and data protection purposes. 


For Microsoft Exchange Server, you can opt for Mailbox backup. This is a backup of individual 
mailboxes via the Exchange Web Services protocol. The mailboxes or mailbox items can be recovered 
to a live Exchange Server or to Microsoft Office 365. Mailbox backup is supported for Microsoft 
Exchange Server 2010 Service Pack 1 (SP1) and later. 


13.2 Protecting Microsoft SharePoint 


A Microsoft SharePoint farm consists of front-end servers that run SharePoint services, database 
servers that run Microsoft SQL Server, and (optionally) application servers that offload some 
SharePoint services from the front-end servers. Some front-end and application servers may be 
identical to each other. 


To protect an entire SharePoint farm: 


e Back up all of the database servers with application-aware backup. 
e Back up all of the unique front-end servers and application servers with usual disk-level backup. 


The backups of all servers should be done on the same schedule. 


To protect only the content, you can back up the content databases separately. 


13.3 Protecting a domain controller 


A machine running Active Directory Domain Services can be protected by application-aware backup. 
If adomain contains more than one domain controller, and you recover one of them, a 


nonauthoritative restore is performed and a USN rollback will not occur after the recovery. 


13.4 Recovering applications 


The following table summarizes the available application recovery methods. 


Microsoft SQL Server 


Microsoft Exchange 
Server 


Microsoft SharePoint 
database servers 


Microsoft SharePoint 
front-end web servers 


Active Directory Domain 


Services 


From a database backup 


Databases to a live SQL Server 
instance 


Databases as files 


Databases to a live Exchange 
Databases as files 


Granular recovery to a live 
Exchange or to Office 365* 


Databases to a live SQL Server 
instance 


Databases as files 


Granular recovery by using 
SharePoint Explorer 


From an application-aware 
backup 


Entire machine 


Databases to a live SQL Server 
instance 


Databases as files 
Entire machine 
Databases to a live Exchange 
Databases as files 


Granular recovery to a live 
Exchange or to Office 365* 


Entire machine 


Databases to a live SQL Server 
instance 


Databases as files 


Granular recovery by using 
SharePoint Explorer 


Entire machine 


* Granular recovery is also available from a mailbox backup. 


13.5 Prerequisites 


Before configuring the application backup, ensure that the requirements listed below are met. 


To check the VSS writers state, use the vssadmin list writers command. 


13.5.1 Common requirements 


For Microsoft SQL Server, ensure that: 


Entire 
machine 


Entire 
machine 


Entire 
machine 


Entire 
machine 


e Atleast one Microsoft SQL Server instance is started. 
e The SQL writer for VSS is turned on. 


For Microsoft Exchange Server, ensure that: 


e The Microsoft Exchange Information Store service is started. 

e Windows PowerShell is installed. For Exchange 2010 or later, the Windows PowerShell version 
must be at least 2.0. 

e Microsoft .NET Framework is installed. 
For Exchange 2007, the Microsoft .NET Framework version must be at least 2.0. 
For Exchange 2010 or later, the Microsoft .NET Framework version must be at least 3.5. 

e The Exchange writer for VSS is turned on. 


Note 

Agent for Exchange needs a temporary storage to operate. By default, the temporary files are 
located in %ProgramData%\Acronis\Temp. Ensure that you have at least as much free space on the 
volume where the %ProgramData% folder is located as 15 percent of an Exchange database size. 
Alternatively, you can change the location of the temporary files before creating Exchange backups 
as described in: https://kb.acronis.com/content/40040. 


On a domain controller, ensure that: 
e The Active Directory writer for VSS is turned on. 
When creating a protection plan, ensure that: 


e For physical machines, the Volume Shadow Copy Service (VSS) backup option is enabled. 
e For virtual machines, the Volume Shadow Copy Service (VSS) for virtual machines backup option is 
enabled. 


13.5.2 Additional requirements for application-aware backups 


When creating a protection plan, ensure that Entire machine is selected for backup. The Sector-by- 
sector backup option must be disabled in a protection plan, otherwise it will be impossible to 
perform a recovery of application data from such backups. If the plan is executed in the Sector-by- 
sector mode due to an automatic switch to this mode, then recovery of application data will also be 
impossible. 


Requirements for ESXi virtual machines 
If the application runs on a virtual machine that is backed up by Agent for VMware, ensure that: 


e The virtual machine being backed up meets the requirements for application-consistent backup 
and restore listed in the article "Windows Backup Implementations" in the VMware 
documentation: https://code.vmware.com/docs/1674/virtual-disk-programming- 
guide/doc/vddkBkupVadp.9.6.html 


e VMware Tools is installed and up-to-date on the machine. 


User Account Control (UAC) is disabled on the machine. If you do not want to disable UAC, you 
must provide the credentials of a built-in domain administrator (DOMAIN\Administrator) when 
enabling application backup. 


Requirements for Hyper-V virtual machines 


If the application runs on a virtual machine that is backed up by Agent for Hyper-V, ensure that: 


The guest operating system is Windows Server 2008 or later. 

For Hyper-V 2008 R2: the guest operating system is Windows Server 2008/2008 R2/2012. 

The virtual machine has no dynamic disks. 

The network connection exists between the Hyper-V host and the guest operating system. This is 

required to execute remote WMI queries inside the virtual machine. 

User Account Control (UAC) is disabled on the machine. If you do not want to disable UAC, you 

must provide the credentials of a built-in domain administrator (DOMAIN\Administrator) when 

enabling application backup. 

The virtual machine configuration matches the following criteria: 

o Hyper-V Integration Services is installed and up-to-date. The critical update is 
https://support. microsoft.com/en-us/help/3063109/hyper-v-integration-components-update- 
for-windows-virtual-machines 

o Inthe virtual machine settings, the Management > Integration Services > Backup (volume 
checkpoint) option is enabled. 

o For Hyper-V 2012 and later: the virtual machine has no checkpoints. 

o For Hyper-V 2012 R2 and later: the virtual machine has a SCSI controller (check Settings > 
Hardware). 


13.6 Database backup 


Before backing up databases, ensure that the requirements listed in "Prerequisites" are met. 


Select the databases as described below, and then specify other settings of the backup plan as 


appropriate. 


13.6.1 Selecting SQL databases 


A backup of an SQL database contains the database files (.mdf, .ndf), log files (.ldf), and other 
associated files. The files are backed with the help of the SQL Writer service. The service must be 
running at the time that the Volume Shadow Copy Service (VSS) requests a backup or recovery. 


The SQL transaction logs are truncated after each successful backup. SQL log truncation can be 
disabled in the backup plan options. 


To select SQL databases 


1. Click Devices > Microsoft SQL. 
The software shows the tree of SQL Server Always On Availability Groups (AAG), machines running 
Microsoft SQL Server, SQL Server instances, and databases. 

2. Browse to the data that you want to back up. 

Expand the tree nodes or double-click items in the list to the right of the tree. 

3. Select the data that you want to back up. You can select AAGs, machines running SQL Server, SQL 

Server instances, or individual databases. 

e If you select an AAG, all databases that are included into the selected AAG will be backed up. For 
more information about backing up AAGs, refer to "Protecting Always On Availability Groups 
(AAG)". 

e If you select a machine running SQL Server, all databases that are attached to all SQL Server 
instances running on the selected machine will be backed up. 

e If you select a SQL Server instance, all databases that are attached to the selected instance will 
be backed up. 

e If you select databases directly, only the selected databases will be backed up. 

4. Click Backup. If prompted, provide credentials to access the SQL Server data. The account must 

be a member of the Backup Operators or Administrators group on the machine and a 

member of the sysadmin role on each of the instances that you are going to back up. 


13.6.2 Selecting Exchange Server data 


The following table summarizes the Microsoft Exchange Server data that you can select for backup 
and the minimal user rights required to back up the data. 


2007 Storage groups Membership in the Exchange Organization 
Administrators role group 


2010/2013/2016/2019 Databases, Database Membership in the Server Management role 
Availability Groups (DAG) group. 


A full backup contains all of the selected Exchange Server data. 


An incremental backup contains the changed blocks of the database files, the checkpoint files, and a 
small number of the log files that are more recent than the corresponding database checkpoint. 
Because changes to the database files are included in the backup, there is no need to back up all the 
transaction log records since the previous backup. Only the log that is more recent than the 
checkpoint needs to be replayed after a recovery. This makes for faster recovery and ensures 
successful database backup, even with circular logging enabled. 


The transaction log files are truncated after each successful backup. 


To select Exchange Server data 


1. Click Devices > Microsoft Exchange. 
The software shows the tree of Exchange Server Database Availability Groups (DAG), machines 
running Microsoft Exchange Server, and Exchange Server databases. If you configured Agent for 
Exchange as described in "Mailbox backup", mailboxes are also shown in this tree. 
2. Browse to the data that you want to back up. 
Expand the tree nodes or double-click items in the list to the right of the tree. 
3. Select the data that you want to back up. 
e If you select a DAG, one copy of each clustered database will be backed up. For more 
information about backing up DAGs, refer to "Protecting Database Availability Groups (DAG)". 
e If you select a machine running Microsoft Exchange Server, all databases that are mounted to 
the Exchange Server running on the selected machine will be backed up. 
e If you select databases directly, only the selected databases will be backed up. 
e If you configured Agent for Exchange as described in "Mailbox backup", you can select 
mailboxes for backup. 
4. If prompted, provide the credentials to access the data. 
Click Protect. 


13.6.3 Protecting Always On Availability Groups (AAG) 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 


SQL Server high-availability solutions overview 


The Windows Server Failover Clustering (WSFC) functionality enables you to configure a highly 
available SQL Server through redundancy at the instance level (Failover Cluster Instance, FCI) or at the 
database level (AlwaysOn Availability Group, AAG). You can also combine both methods. 


In a Failover Cluster Instance, SQL databases are located on a shared storage. This storage can only be 
accessed from the active cluster node. If the active node fails, a failover occurs and a different node 
becomes active. 


In an availability group, each database replica resides on a different node. If the primary replica 
becomes not available, a secondary replica residing on a different node is assigned the primary role. 


Thus, the clusters are already serving as a disaster recovery solution themselves. However, there 
might be cases when the clusters cannot provide data protection: for example, in case of a database 
logical corruption, or when the entire cluster is down. Also cluster solutions do not protect from 
harmful content changes, as they usually immediately replicate to all cluster nodes. 


Supported cluster configurations 


This backup software supports only the Always On Availability Group (AAG) for SQL Server 2012 or 
later. Other cluster configurations, such as Failover Cluster Instances, database mirroring, and log 
shipping are not supported. 


How many agents are required for cluster data backup and recovery? 


For successful data backup and recovery of a cluster Agent for SQL has to be installed on each node 
of the WSFC cluster. 


Backing up databases included in an AAG 


1. 


2. 


3. 


Install Agent for SQL on each node of the WSFC cluster. 


Note 

After you install the agent on one of the nodes, the software displays the AAG and its nodes 
under Devices > Microsoft SQL > Databases. To install Agents for SQL on the rest of the 
nodes, select the AAG, click Details, and then click Install agent next to each of the nodes. 


Select the AAG to backup as described in "Selecting SQL databases". 


Important 

You must select the AAG itself, rather than the individual nodes or databases inside of it. If you 
select individual items inside the AAG, the backup will not be cluster-aware and only the selected 
copies of the items will be backed up. 


Configure the "Cluster backup mode" backup option. 


Recovery of databases included in an AAG 


1. 


Select the databases that you want to recover, and then select the recovery point from which you 
want to recover the databases. 

When you select a clustered database under Devices > Microsoft SQL > Databases, and then 
click Recover, the software shows only the recovery points that correspond to the times when 
the selected copy of the database was backed up. 

The easiest way to view all recovery points of a clustered database is to select the backup of the 
entire AAG on the Backups tab. The names of AAG backups are based on the following template: 
<AAG name> - <backup plan name> and have a special icon. 

To configure recovery, follow the steps described in "Recovering SQL databases", starting from 
step 5. 

The software automatically defines a cluster node to which the data will be recovered. The node's 
name is displayed in the Recover to field. You can manually change the target node. 


Important 

A database that is included in an Always On Availability Group cannot be overwritten during a 
recovery because Microsoft SQL Server prohibits this. You need to exclude the target database 
from the AAG before the recovery. Or, just recover the database as a new non-AAG one. When 
the recovery is completed, you can reconstruct the original AAG configuration. 


13.6.4 Protecting Database Availability Groups (DAG) 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 


Exchange Server clusters overview 


The main idea of Exchange clusters is to provide high database availability with fast failover and no 
data loss. Usually, it is achieved by having one or more copies of databases or storage groups on the 
members of the cluster (cluster nodes). If the cluster node hosting the active database copy or the 
active database copy itself fails, the other node hosting the passive copy automatically takes over the 
operations of the failed node and provides access to Exchange services with minimal downtime. Thus, 
the clusters are already serving as a disaster recovery solution themselves. 


However, there might be cases when failover cluster solutions cannot provide data protection: for 
example, in case of a database logical corruption, or when a particular database in a cluster has no 
copy (replica), or when the entire cluster is down. Also cluster solutions do not protect from harmful 
content changes, as they usually immediately replicate to all cluster nodes. 


Cluster-aware backup 


With cluster-aware backup, you back up only one copy of the clustered data. If the data changes its 
location within the cluster (due to a switchover or a failover), the software will track all relocations of 
this data and safely back it up. 


Supported cluster configurations 


Cluster-aware backup is supported only for Database Availability Group (DAG) in Exchange Server 
2010 or later. Other cluster configurations, such as Single Copy Cluster (SCC) and Cluster Continuous 
Replication (CCR) for Exchange 2007, are not supported. 


DAG is a group of up to 16 Exchange Mailbox servers. Any node can host a copy of mailbox database 
from any other node. Each node can host passive and active database copies. Up to 16 copies of 
each database can be created. 
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How many agents are required for cluster-aware backup and recovery? 


For successful backup and recovery of clustered databases, Agent for Exchange has to be installed on 
each node of the Exchange cluster. 


Note 

After you install the agent on one of the nodes, the backup console displays the DAG and its nodes 
under Devices > Microsoft Exchange > Databases. To install Agents for Exchange on the rest of 
the nodes, select the DAG, click Details, and then click Install agent next to each of the nodes. 


Backing up the Exchange cluster data 


1. When creating a backup plan, select the DAG as described in "Selecting Exchange Server data". 
2. Configure the "Cluster backup mode" backup option. 
3. Specify other settings of the backup plan as appropriate. 


Important 
For cluster-aware backup, ensure to select the DAG itself. If you select individual nodes or databases 
inside the DAG, only the selected items will be backed up and the Cluster backup mode option will 
be ignored. 


Recovering the Exchange cluster data 


1. Select the recovery point for the database that you want to recover. Selecting an entire cluster for 
recovery is not possible. 
When you select a copy of a clustered database under Devices > Microsoft Exchange > 
Databases > <cluster name> > <node name> and click Recover, the software shows only the 
recovery points that correspond to the times when this copy was backed up. 
The easiest way to view all recovery points of a clustered database is to select its backup on the 
Backups tab. 
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2. Follow the steps described in "Recovering Exchange databases", starting from step 5. 
The software automatically defines a cluster node to which the data will be recovered. The node's 
name is displayed in the Recover to field. You can manually change the target node. 


13.7 Application-aware backup 


Application-aware disk-level backup is available for physical machines and for ESXi virtual machines. 


When you back up a machine running Microsoft SQL Server, Microsoft Exchange Server, or Active 
Directory Domain Services, enable Application backup for additional protection of these 
applications' data. 


Disabled 


13.7.1 Why use application-aware backup? 
By using application-aware backup, you ensure that: 


1. The applications are backed up in a consistent state and thus will be available immediately after 
the machine is recovered. 

2. You can recover the SQL and Exchange databases, mailboxes, and mailbox items without 
recovering the entire machine. 

3. The SQL transaction logs are truncated after each successful backup. SQL log truncation can be 
disabled in the backup plan options. The Exchange transaction logs are truncated on virtual 
machines only. You can enable the VSS full backup option if you want to truncate Exchange 
transaction logs on a physical machine. 

4. If adomain contains more than one domain controller, and you recover one of them, a 
nonauthoritative restore is performed and a USN rollback will not occur after the recovery. 


13.7.2 What do | need to use application-aware backup? 


On a physical machine, Agent for SQL and/or Agent for Exchange must be installed, in addition to 
Agent for Windows. 


On avirtual machine, no agent installation is required; it is presumed that the machine is backed up 
by Agent for VMware (Windows). 


Agent for VMware (Virtual Appliance) and Agent for VMware (Linux) can create application-aware 
backups, but cannot recover application data from them. To recover application data from backups 
created by these agents, you need Agent for VMware (Windows), Agent for SQL, or Agent for 
Exchange on a machine that has access to the location where the backups are stored. When 
configuring recovery of application data, select the recovery point on the Backups tab, and then 
select this machine in Machine to browse from. 


Other requirements are listed in the "Prerequisites" and "Required user rights" sections. 


13.7.3 Required user rights 


An application-aware backup contains metadata of VSS-aware applications that are present on the 
disk. To access this metadata, the agent needs an account with the appropriate rights, which are listed 
below. You are prompted to specify this account when enabling application backup. 


e For SQL Server: 
The account must be a member of the Backup Operators or Administrators group on the 
machine, and a member of the sysadmin role on each of the instances that you are going to back 
up. 

e For Exchange Server: 
Exchange 2007: The account must be a member of the Administrators group on the machine, 
and amember of the Exchange Organization Administrators role group. 
Exchange 2010 and later: The account must be a member of the Administrators group on the 
machine, and a member of the Organization Management role group. 


For Active Directory: 


The account must be a domain administrator. 


Additional requirement for virtual machines 


If the application runs on a virtual machine that is backed up by Agent for VMware or Agent for 
Hyper-V, ensure that User Account Control (UAC) is disabled on the machine. If you do not want to 
disable UAC, you must provide the credentials of a built-in domain administrator 
(DOMAIN\Administrator) when enabling application backup. 


13.8 Mailbox backup 


Mailbox backup is supported for Microsoft Exchange Server 2010 Service Pack 1 (SP1) and later. 


Mailbox backup is available if at least one Agent for Exchange is registered on the management 
server. The agent must be installed on a machine that belongs to the same Active Directory forest as 
Microsoft Exchange Server. 


Before backing up mailboxes, you must connect Agent for Exchange to the machine running the 
Client Access server role (CAS) of Microsoft Exchange Server. In Exchange 2016 and later, the CAS 
role is not available as a separate installation option. It is automatically installed as part of the 
Mailbox server role. Thus, you can connect the agent to any server running the Mailbox role. 


To connect Agent for Exchange to CAS 


1. Click Devices > Add. 

2. Click Microsoft Exchange Server. 

3. Click Exchange mailboxes. 
If no Agent for Exchange is registered on the management server, the software suggests that you 
install the agent. After the installation, repeat this procedure from step 1. 


10. 


[Optional] If multiple Agents for Exchange are registered on the management server, click Agent, 
and then change the agent that will perform the backup. 

In Client Access server, specify the fully qualified domain name (FQDN) of the machine where 
the Client Access role of Microsoft Exchange Server is enabled. 

In Exchange 2016 and later, the Client Access services are automatically installed as part of the 
Mailbox server role. Thus, you can specify any server running the Mailbox role. We refer to this 
server as CAS later in this section. 

In Authentication type, select the authentication type that is used by the CAS. You can select 
Kerberos (default) or Basic. 

[Only for basic authentication] Select which protocol will be used. You can select HTTPS (default) 
or HTTP. 

[Only for basic authentication with the HTTPS protocol] If the CAS uses an SSL certificate that was 
obtained from a certification authority, and you want the software to check the certificate when 
connecting to the CAS, select the Check SSL certificate check box. Otherwise, skip this step. 
Provide the credentials of an account that will be used to access the CAS. The requirements for 
this account are listed in "Required user rights". 

Click Add. 


As aresult, the mailboxes appear under Devices > Microsoft Exchange > Mailboxes. 


13.8.1 Selecting Exchange Server mailboxes 


Select the mailboxes as described below, and then specify other settings of the backup plan as 


appropriate. 


To select Exchange mailboxes 


de 


Click Devices > Microsoft Exchange. 

The software shows the tree of Exchange databases and mailboxes. 

Click Mailboxes, and then select the mailboxes that you want to back up. 
Click Backup. 


13.8.2 Required user rights 


To access mailboxes, Agent for Exchange needs an account with the appropriate rights. You are 


prompted to specify this account when configuring various operations with mailboxes. 


Membership of the account in the Organization Management role group enables access to any 


mailbox, including mailboxes that will be created in the future. 


The minimum required user rights are as follows: 


The account must be a member of the Server Management and Recipient Management role 
groups. 

The account must have the ApplicationImpersonation management role enabled for all users or 
groups of users whose mailboxes the agent will access. 


For information about configuring the ApplicationImpersonation management role, refer to the 
following Microsoft knowledge base article: https://msdn.microsoft.com/en- 
us/library/office/dn722376.aspx. 


13.9 Recovering SQL databases 
This section describes recovery from both database backups and application-aware backups. 


You can recover SQL databases to a SQL Server instance, if Agent for SQL is installed on the machine 
running the instance. You will need to provide credentials for an account that is a member of the 
Backup Operators or Administrators group on the machine and a member of the sysadmin role 
on the target instance. 


Alternatively, you can recover the databases as files. This can be useful if you need to extract data for 
data mining, audit, or further processing by third-party tools. You can attach the SQL database files to 
a SQL Server instance, as described in "Attaching SQL Server databases". 


If you use only Agent for VMware (Windows), recovering databases as files is the only available 
recovery method. Recovering databases by using Agent for VMware (Virtual Appliance) is not 
possible. 


System databases are basically recovered in the same way as user databases. The peculiarities of 
system database recovery are described in "Recovering system databases". 


To recover SQL databases to a SQL Server instance 


1. Do one of the following: 

e When recovering from an application-aware backup, under Devices, select the machine that 
originally contained the data that you want to recover. 

e When recovering from a database backup, click Devices > Microsoft SQL, and then select the 
databases that you want to recover. 

2. Click Recovery. 
3. Select a recovery point. Note that recovery points are filtered by location. 

If the machine is offline, the recovery points are not displayed. Do one of the following: 

e [Only when recovering from an application-aware backup] If the backup location is cloud or 
shared storage (i.e. other agents can access it), click Select machine, select an online machine 
that has Agent for SQL, and then select a recovery point. 

e Select a recovery point on the Backups tab. 

The machine chosen for browsing in either of the above actions becomes a target machine for the 

SQL databases recovery. 

4. Do one of the following: 

e When recovering from an application-aware backup, click Recover > SQL databases, select 
the databases that you want to recover, and then click Recover. 

e When recovering from a database backup, click Recover > Databases to an instance. 


5. By default, the databases are recovered to the original ones. If the original database does not 


exist, it will be recreated. You can select another SQL Server instance (running on the same 
machine) to recover the databases to. 


To recover a database as a different one to the same instance: 


a. 
b. 


Click the database name. 

In Recover to, select New database. 

Specify the new database name. 

Specify the new database path and log path. The folder you specify must not contain the 
original database and log files. 


6. [Optional] [Not available for a database recovered to its original instance as a new database] To 
change the database state after recovery, click the database name, and then choose one of the 
following states: 


Ready to use (RESTORE WITH RECOVERY) (default) 

After the recovery completes, the database will be ready for use. Users will have full access to it. 
The software will roll back all uncommitted transactions of the recovered database that are 
stored in the transaction logs. You will not be able to recover additional transaction logs from 
the native Microsoft SQL backups. 

Non-operational (RESTORE WITH NORECOVERY) 

After the recovery completes, the database will be non-operational. Users will have no access to 
it. The software will keep all uncommitted transactions of the recovered database. You will be 
able to recover additional transaction logs from the native Microsoft SQL backups and thus 
reach the necessary recovery point. 

Read-only (RESTORE WITH STANDBY) 

After the recovery completes, users will have read-only access to the database. The software 
will undo any uncommitted transactions. However, it will save the undo actions in a temporary 
standby file so that the recovery effects can be reverted. 


This value is primarily used to detect the point in time when a SQL Server error occurred. 


7. Click Start recovery. 
The recovery progress is shown on the Activities tab. 
To recover SQL databases as files 


1. Do one of the following: 


When recovering from an application-aware backup, under Devices, select the machine that 
originally contained the data that you want to recover. 

When recovering from a database backup, click Devices > Microsoft SQL, and then select the 
databases that you want to recover. 


2. Click Recovery. 


3. Select a recovery point. Note that recovery points are filtered by location. 


If the machine is offline, the recovery points are not displayed. Do one of the following: 


[Only when recovering from an application-aware backup] If the backup location is cloud or 
shared storage (i.e. other agents can access it), click Select machine, select an online machine 


that has Agent for SQL or Agent for VMware, and then select a recovery point. 
e Select a recovery point on the Backups tab. 


The machine chosen for browsing in either of the above actions becomes a target machine for the 
SQL databases recovery. 


4. Do one of the following: 
e When recovering from an application-aware backup, click Recover > SQL databases, select 
the databases that you want to recover, and then click Recover as files. 
e When recovering from a database backup, click Recover > Databases as files. 
5. Click Browse, and then select a local or a network folder to save the files to. 


6. Click Start recovery. 
The recovery progress is shown on the Activities tab. 


13.9.1 Recovering system databases 


All system databases of an instance are recovered at once. When recovering system databases, the 
software automatically restarts the destination instance in the single-user mode. After the recovery 
completes, the software restarts the instance and recovers other databases (if any). 


Other things to consider when recovering system databases: 


e System databases can only be recovered to an instance of the same version as the original 
instance. 


e System databases are always recovered in the "ready to use" state. 


Recovering the master database 


System databases include the master database. The master database records information about all 
databases of the instance. Hence, the master database in a backup contains information about 
databases which existed in the instance at the time of the backup. After recovering the master 
database, you may need to do the following: 


e Databases that have appeared in the instance after the backup was done are not visible by the 
instance. To bring these databases back to production, attach them to the instance manually by 
using SQL Server Management Studio. 


e Databases that have been deleted after the backup was done are displayed as offline in the 
instance. Delete these databases by using SQL Server Management Studio. 


13.9.2 Attaching SQL Server databases 


This section describes how to attach a database in SQL Server by using SQL Server Management 
Studio. Only one database can be attached at a time. 


Attaching a database requires any of the following permissions: CREATE DATABASE, CREATE ANY 
DATABASE, or ALTER ANY DATABASE. Normally, these permissions are granted to the sysadmin 
role of the instance. 


To attach a database 


Run Microsoft SQL Server Management Studio. 

Connect to the required SQL Server instance, and then expand the instance. 

Right-click Databases and click Attach. 

Click Add. 

In the Locate Database Files dialog box, find and select the .mdf file of the database. 


In the Database Details section, make sure that the rest of database files (.ndf and .ldf files) are 
found. 
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Details. SQL Server database files may not be found automatically, if: 

e They are not in the default location, or they are not in the same folder as the primary database 
file (. mdf). Solution: Specify the path to the required files manually in the Current File Path 
column. 

e You have recovered an incomplete set of files that make up the database. Solution: Recover the 
missing SQL Server database files from the backup. 

7. When all of the files are found, click OK. 


13.10 Recovering Exchange databases 


This section describes recovery from both database backups and application-aware backups. 


You can recover Exchange Server data to a live Exchange Server. This may be the original Exchange 
Server or an Exchange Server of the same version running on the machine with the same fully 
qualified domain name (FQDN). Agent for Exchange must be installed on the target machine. 


The following table summarizes the Exchange Server data that you can select for recovery and the 
minimal user rights required to recover the data. 


Storage Membership in the Exchange Organization Administrators 


groups role group. 


2010/2013/2016/2019 Membership in the Server Management role group. 


Alternatively, you can recover the databases (storage groups) as files. The database files, along with 
transaction log files, will be extracted from the backup to a folder that you specify. This can be useful 
if you need to extract data for an audit or further processing by third-party tools, or when the 
recovery fails for some reason and you are looking for a workaround to mount the databases 
manually. 


If you use only Agent for VMware (Windows), recovering databases as files is the only available 
recovery method. Recovering databases by using Agent for VMware (Virtual Appliance) is not 
possible. 


We will refer to both databases and storage groups as "databases" throughout the below procedures. 


To recover Exchange databases to a live Exchange Server 


1. Do one of the following: 

e When recovering from an application-aware backup, under Devices, select the machine that 
originally contained the data that you want to recover. 

e When recovering from a database backup, click Devices > Microsoft Exchange > Databases, 
and then select the databases that you want to recover. 

2. Click Recovery. 
3. Select a recovery point. Note that recovery points are filtered by location. 

If the machine is offline, the recovery points are not displayed. Do one of the following: 

e [Only when recovering from an application-aware backup] If the backup location is cloud or 
shared storage (i.e. other agents can access it), click Select machine, select an online machine 
that has Agent for Exchange, and then select a recovery point. 

e Select a recovery point on the Backups tab. 

The machine chosen for browsing in either of the above actions becomes a target machine for the 

Exchange data recovery. 

4. Do one of the following: 

e When recovering from an application-aware backup, click Recover > Exchange databases, 
select the databases that you want to recover, and then click Recover. 

e When recovering from a database backup, click Recover > Databases to an Exchange 
server. 

5. By default, the databases are recovered to the original ones. If the original database does not 
exist, it will be recreated. 

To recover a database as a different one: 

a. Click the database name. 

b. In Recover to, select New database. 

Specify the new database name. 

d. Specify the new database path and log path. The folder you specify must not contain the 

original database and log files. 


6. Click Start recovery. 
The recovery progress is shown on the Activities tab. 
To recover Exchange databases as files 


1. Do one of the following: 
e When recovering from an application-aware backup, under Devices, select the machine that 
originally contained the data that you want to recover. 
e When recovering from a database backup, click Devices > Microsoft Exchange > Databases, 
and then select the databases that you want to recover. 
2. Click Recovery. 
3. Select a recovery point. Note that recovery points are filtered by location. 
If the machine is offline, the recovery points are not displayed. Do one of the following: 
e [Only when recovering from an application-aware backup] If the backup location is cloud or 
shared storage (i.e. other agents can access it), click Select machine, select an online machine 


that has Agent for Exchange or Agent for VMware, and then select a recovery point. 
e Select a recovery point on the Backups tab. 
The machine chosen for browsing in either of the above actions becomes a target machine for the 
Exchange data recovery. 
4. Do one of the following: 
e When recovering from an application-aware backup, click Recover > Exchange databases, 
select the databases that you want to recover, and then click Recover as files. 
e When recovering from a database backup, click Recover > Databases as files. 
5. Click Browse, and then select a local or a network folder to save the files to. 
6. Click Start recovery. 
The recovery progress is shown on the Activities tab. 


13.10.1 Mounting Exchange Server databases 


After recovering the database files, you can bring the databases online by mounting them. Mounting 
is performed by using Exchange Management Console, Exchange System Manager, or Exchange 
Management Shell. 


The recovered databases will be in a Dirty Shutdown state. A database that is in a Dirty Shutdown 
state can be mounted by the system if it is recovered to its original location (that is, information 
about the original database is present in Active Directory). When recovering a database to an 
alternate location (such as a new database or as the recovery database), the database cannot be 
mounted until you bring it to a Clean Shutdown state by using the Eseutil /r <Enn> command. 
<Enn> specifies the log file prefix for the database (or storage group that contains the database) into 
which you need to apply the transaction log files. 


The account you use to attach a database must be delegated an Exchange Server Administrator role 
and a local Administrators group for the target server. 


For details about how to mount databases, see the following articles: 


e Exchange 2010 or later: http://technet. microsoft.com/en-us/library/aa998871.aspx 
e Exchange 2007: http://technet.microsoft.com/en-us/library/aa99887 1 (v=EXCHG.80).aspx 


13.11 Recovering Exchange mailboxes and mailbox 
items 


This section describes how to recover Exchange mailboxes and mailbox items from database 
backups, from application-aware backups, and from mailbox backups. The mailboxes or mailbox 
items can be recovered to a live Exchange Server or to Microsoft Office 365. 


The following items can be recovered: 


e Mailboxes (except for archive mailboxes) 
e Public folders 


Public folder items 


Email folders 


e Email messages 
e Calendar events 
e Tasks 

e Contacts 

e Journal entries 


e Notes 


You can use search to locate the items. 


13.11.1 Recovery to an Exchange Server 


Granular recovery can be performed to Microsoft Exchange Server 2010 Service Pack 1 (SP1) and 
later. The source backup may contain databases or mailboxes of any supported Exchange version. 


Granular recovery can be performed by Agent for Exchange or Agent for VMware (Windows). The 
target Exchange Server and the machine running the agent must belong to the same Active Directory 
forest. 


When a mailbox is recovered to an existing mailbox, the existing items with matching IDs are 
overwritten. 


Recovery of mailbox items does not overwrite anything. Instead, the full path to a mailbox item is 
recreated in the target folder. 


Requirements on user accounts 
A mailbox being recovered from a backup must have an associated user account in Active Directory. 


User mailboxes and their contents can be recovered only if their associated user accounts are 
enabled. Shared, room, and equipment mailboxes can be recovered only if their associated user 
accounts are disabled. 


A mailbox that does not meet the above conditions is skipped during recovery. 


If some mailboxes are skipped, the recovery will succeed with warnings. If all mailboxes are skipped, 
the recovery will fail. 


13.11.2 Recovery to Office 365 


Recovery can be performed from backups of Microsoft Exchange Server 2010 and later. 


When a mailbox is recovered to an existing Office 365 mailbox, the existing items are kept intact, and 
the recovered items are placed next to them. 


When recovering a single mailbox, you need to select the target Office 365 mailbox. When recovering 
several mailboxes within one recovery operation, the software will try to recover each mailbox to the 
mailbox of the user with the same name. If the user is not found, the mailbox is skipped. If some 


mailboxes are skipped, the recovery will succeed with warnings. If all mailboxes are skipped, the 
recovery will fail. 


For more information about recovery to Office 365, refer to "Protecting Office 365 mailboxes". 


13.11.3 Recovering mailboxes 
To recover mailboxes from an application-aware backup or a database backup 


1. [Only when recovering from a database backup to Office 365] If Agent for Office 365 is not 
installed on the machine running Exchange Server that was backed up, do one of the following: 

e If there is not Agent for Office 365 in your organization, install Agent for Office 365 on the 
machine that was backed up (or on another machine with the same Microsoft Exchange Server 
version). 

e If you already have Agent for Office 365 in your organization, copy libraries from the machine 
that was backed up (or from another machine with the same Microsoft Exchange Server 
version) to the machine with Agent for Office 365, as described in "Copying Microsoft Exchange 
libraries". 

2. Do one of the following: 

e When recovering from an application-aware backup: under Devices, select the machine that 
originally contained the data that you want to recover. 

e When recovering from a database backup, click Devices > Microsoft Exchange > Databases, 
and then select the database that originally contained the data that you want to recover. 

Click Recovery. 

4. Select a recovery point. Note that recovery points are filtered by location. 

If the machine is offline, the recovery points are not displayed. Use other ways to recover: 

e [Only when recovering from an application-aware backup] If the backup location is cloud or 
shared storage (i.e. other agents can access it), click Select machine, select an online machine 
that has Agent for Exchange or Agent for VMware, and then select a recovery point. 

e Select a recovery point on the Backups tab. 

The machine chosen for browsing in either of the above actions will perform the recovery instead 

of the original machine that is offline. 

5. Click Recover > Exchange mailboxes. 
6. Select the mailboxes that you want to recover. 


You can search mailboxes by name. Wildcards are not supported. 


7. 
8. 


10. 


11. 


exw.win8.dcon.local © ® | 


Q t) Recover 
Type Name Email Size 4 

v úa Administrator Administrator@win8.dcon.local 
Éa EXW CFD7F4F9-LGU000000 CFD7F4F9-LGU000000@win8.dcon.local 
Éa EXW CFD7F4F9-LGU000001 CFD7F4F9-LGU000001 @win8.dcon.local 


Click Recover. 

[Only when recovering to Office 365]: 

a. In Recover to, select Microsoft Office 365. 

b. [If you selected only one mailbox in step 6] In Target mailbox, specify the target mailbox. 
c. Click Start recovery. 

Further steps of this procedure are not required. 


Click Target machine with Microsoft Exchange Server to select or change the target 
machine. This step allows recovery to a machine that is not running Agent for Exchange. 
Specify the fully qualified domain name (FQDN) of a machine where the Client Access role (in 
Microsoft Exchange Server 2010/2013) or Mailbox role (in Microsoft Exchange Server 2016 or 
later) is enabled. The machine must belong to the same Active Directory forest as the machine 
that performs the recovery. 

If prompted, provide the credentials of an account that will be used to access the machine. The 
requirements for this account are listed in "Required user rights". 

[Optional] Click Database to re-create any missing mailboxes to change the automatically 
selected database. 


Click Start recovery. 


The recovery progress is shown on the Activities tab. 
To recover a mailbox from a mailbox backup 


k 
2. 


Click Devices > Microsoft Exchange > Mailboxes. 

Select the mailbox to recover, and then click Recovery. 

You can search mailboxes by name. Wildcards are not supported. 

If the mailbox was deleted, select it on the Backups tab, and then click Show backups. 
Select a recovery point. Note that recovery points are filtered by location. 

Click Recover > Mailbox. 


Perform steps 8-11 of the above procedure. 


13.11.4 Recovering mailbox items 


To recover mailbox items from an application-aware backup or a database backup 


I 


[Only when recovering from a database backup to Office 365] If Agent for Office 365 is not 
installed on the machine running Exchange Server that was backed up, do one of the following: 


e If there is not Agent for Office 365 in your organization, install Agent for Office 365 on the 
machine that was backed up (or on another machine with the same Microsoft Exchange Server 
version). 

e If you already have Agent for Office 365 in your organization, copy libraries from the machine 
that was backed up (or from another machine with the same Microsoft Exchange Server 
version) to the machine with Agent for Office 365, as described in "Copying Microsoft Exchange 
libraries". 

Do one of the following: 

e When recovering from an application-aware backup: under Devices, select the machine that 
originally contained the data that you want to recover. 

e When recovering from a database backup, click Devices > Microsoft Exchange > Databases, 
and then select the database that originally contained the data that you want to recover. 

Click Recovery. 

Select a recovery point. Note that recovery points are filtered by location. 

If the machine is offline, the recovery points are not displayed. Use other ways to recover: 

e [Only when recovering from an application-aware backup] If the backup location is cloud or 
shared storage (i.e. other agents can access it), click Select machine, select an online machine 
that has Agent for Exchange or Agent for VMware, and then select a recovery point. 

e Select a recovery point on the Backups tab. 

The machine chosen for browsing in either of the above actions will perform the recovery instead 

of the original machine that is offline. 

Click Recover > Exchange mailboxes. 

Click the mailbox that originally contained the items that you want to recover. 

Select the items that you want to recover. 

The following search options are available. Wildcards are not supported. 

e For email messages: search by subject, sender, recipient, and date. 

e For events: search by title and date. 

e For tasks: search by subject and date. 

e For contacts: search by name, email address, and phone number. 

When an email message is selected, you can click Show content to view its contents, including 

attachments. 


Note 
Click the name of an attached file to download it. 


To be able to select folders, click the recover folders icon. 
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Click Recover. 


9. Torecover to Office 365, select Microsoft Office 365 in Recover to. 


10. 


11: 


12. 


13. 


To recover to an Exchange Server, keep the default Microsoft Exchange value in Recover to. 
[Only when recovering to an Exchange Server] Click Target machine with Microsoft Exchange 
Server to select or change the target machine. This step allows recovery to a machine that is not 
running Agent for Exchange. 

Specify the fully qualified domain name (FQDN) of a machine where the Client Access role (in 
Microsoft Exchange Server 2010/2013) or Mailbox role (in Microsoft Exchange Server 2016 or 
later) is enabled. The machine must belong to the same Active Directory forest as the machine 
that performs the recovery. 

If prompted, provide the credentials of an account that will be used to access the machine. The 
requirements for this account are listed in "Required user rights". 

In Target mailbox, view, change, or specify the target mailbox. 

By default, the original mailbox is selected. If this mailbox does not exist or a non-original target 
machine is selected, you must specify the target mailbox. 

[Only when recovering email messages] In Target folder, view or change the target folder in the 
target mailbox. By default, the Recovered items folder is selected. Due to Microsoft Exchange 
limitations, events, tasks, notes, and contacts are restored to their original location regardless of 
any different Target folder specified. 


Click Start recovery. 


The recovery progress is shown on the Activities tab. 
To recover a mailbox item from a mailbox backup 


1. 
2. 


Click Devices > Microsoft Exchange > Mailboxes. 

Select the mailbox that originally contained the items that you want to recover, and then click 
Recovery. 

You can search mailboxes by name. Wildcards are not supported. 

If the mailbox was deleted, select it on the Backups tab, and then click Show backups. 

Select a recovery point. Note that recovery points are filtered by location. 

Click Recover > Email messages. 

Select the items that you want to recover. 


The following search options are available. Wildcards are not supported. 


e For email messages: search by subject, sender, recipient, and date. 
e For events: search by title and date. 

e For tasks: search by subject and date. 

e For contacts: search by name, email address, and phone number. 


When an email message is selected, you can click Show content to view its contents, including 
attachments. 


Note 
Click the name of an attached file to download it. 


When an email message is selected, you can click Send as email to send the message to an email 
address. The message is sent from your administrator account's email address. 


V an 
To be able to select folders, click the recover folders icon: “ = 


6. Click Recover. 


7. Perform steps 9-13 of the above procedure. 


13.11.5 Copying Microsoft Exchange Server libraries 


When recovering Exchange mailboxes or mailbox items to Office 365, you may need to copy the 
following libraries from the machine that was backed up (or from another machine with the same 
Microsoft Exchange Server version) to the machine with Agent for Office 365. 


Copy the following files, according to the Microsoft Exchange Server version that was backed up. 


Microsoft Exchange Server Libraries Default location 
version 


ese.dll 

, i %ProgramFiles%\Microsoft\Exchange 
Microsoft Exchange Server 2010 esebcli2.dll , 
Server\V14\bin 


store.exe 


ese.dll %ProgramFiles%\Microsoft\Exchange 
Server\V15\bin 


msvcr110.dll %WINDIR%\system32 


Microsoft Exchange Server 2013 


ese.dll %ProgramFiles%\Microsoft\Exchange 
Server\V15\bin 


Microsoft Exchange Server 2016, 


Microsoft Exchange Server 2019 msvcr110.dll 
%WINDIR%\system32 


msvcp1 10.dll 


The libraries should be placed in the folder %ProgramData%\Acronis\ese. If this folder does not 
exist, create it manually. 


13.12 Changing the SQL Server or Exchange Server 
access credentials 


You can change access credentials for SQL Server or Exchange Server without re-installing the agent. 
To change the SQL Server or Exchange Server access credentials 


1. Click Devices, and then click Microsoft SQL or Microsoft Exchange. 
2. Select the Always On Availability Group, Database Availability Group, SQL Server instance, or 
Exchange Server for which you want to change the access credentials. 


3. Click Specify credentials. 
4. Specify the new access credentials, and then click OK. 


To change the Exchange Server access credentials for mailbox backup 


Click Devices > Microsoft Exchange, and then expand Mailboxes. 

Select the Exchange Server for which you want to change the access credentials. 

Click Settings. 

Under Exchange administrator account, specify the new access credentials, and then click 


AOW N > 


Save. 


14 Protecting Office 365 mailboxes 


Important 
This section is valid for on-premises deployments of Acronis Cyber Backup. If you are using a cloud 


deployment, please refer to 
https://www.acronis.com/support/documentation/BackupService/index.html#37287.html. 


14.1 Why back up Office 365 mailboxes? 


Even though Microsoft Office 365 is a cloud service, regular backups provide an additional layer of 
protection from user errors and intentional malicious actions. You can recover deleted items from a 
backup even after the Office 365 retention period has expired. Also, you can keep a local copy of the 
Office 365 mailboxes if it is required by a regulatory compliance. 


14.2 What do | need to back up the mailboxes? 


To back up and recover Office 365 mailboxes, you must be assigned the global administrator role in 
Microsoft Office 365. 


To add a Microsoft Office 365 organization 


1. Install Agent for Office 365 on a Windows machine that is connected to the Internet. There must 
be only one Agent for Office 365 in an organization. 
2. Depending on the authentication method that you use: 

a. If you use basic authentication: On the Microsoft Office 365 page of the web interface, enter 
the Office 365 global administrator credentials, and then click OK. 

The agent will log in to Office 365 by using this account. To enable the agent to access the 
contents of all mailboxes, this account will be assigned the ApplicationImpersonation 
management role. 

b. If you use modern authentication: On the Microsoft Office 365 page of the web interface, 
enter your application ID, application secret, and Microsoft 365 tenant ID, and then click Sign 
in. For more information on how to find these, refer to Obtaining application ID and 
application secret. 


As a result, your organization data items appear in the backup console on the Microsoft Office 365 


page. 


14.3 Recovery 
The following items can be recovered from a mailbox backup: 


e Mailboxes 
e Email folders 
e Email messages 


Calendar events 
Tasks 

Contacts 
Journal entries 


Notes 


You can use search to locate the items. 


Recovery can be performed to Microsoft Office 365 or to a live Exchange Server. 


When a mailbox is recovered to an existing Office 365 mailbox, the existing items with matching IDs 
are overwritten. When a mailbox is recovered to an existing Exchange Server mailbox, the existing 


items are kept intact. The recovered items are placed next to them. 


Recovery of mailbox items does not overwrite anything. Instead, the full path to a mailbox item is 


recreated in the target folder. 


14.4 Limitations 


Applying a protection plan to more than 500 mailboxes may cause backup performance 
degradation. To protect a large number of mailboxes, create several protection plans and schedule 
them to run at different times. 

Archive mailboxes (In-Place Archive) cannot be backed up. 

A mailbox backup includes only folders visible to users. The Recoverable items folder and its 
subfolders (Deletions, Versions, Purges, Audits, DiscoveryHold, Calendar Logging) are not 
included in a mailbox backup. 

Recovery to anew Office 365 mailbox is not possible. You must first create a new Office 365 user 
manually, and then recover items to this user's mailbox. 

Recovery to a different Microsoft Office 365 organization is not supported. 

Some item types or properties supported by Office 365 may not be supported by Exchange 
Server. They will be skipped during recovery to Exchange Server. 


14.5 Selecting mailboxes 


Select the mailboxes as described below, and then specify other settings of the backup plan as 


appropriate. 


To select mailboxes 


1 

2. 
3. 
4 


Click Microsoft Office 365. 

If prompted, sign in as a global administrator to Microsoft Office 365. 
Select the mailboxes that you want to back up. 

Click Backup. 


14.6 Recovering mailboxes and mailbox items 


14.6.1 Recovering mailboxes 


1. 


[Only when recovering to an Exchange Server] Ensure that there is an Exchange user with the 
same logon name as the username of the user whose mailbox is being recovered. If not, create 
the user. Other requirements for this user are described in "Recovering Exchange mailboxes and 
mailbox items" under "Requirements on user accounts". 

Click Devices > Microsoft Office 365. 

Select the mailbox to recover, and then click Recovery. 

You can search mailboxes by name. Wildcards are not supported. 

If the mailbox was deleted, select it on the Backups tab, and then click Show backups. 

Select a recovery point. Note that recovery points are filtered by location. 

Click Recover > Mailbox. 

To recover to an Exchange Server, select Microsoft Exchange in Recover to. Continue recovery 
as described in "Recovering mailboxes", starting from step 9. Further steps of this procedure are 
not required. 

To recover to Office 365, keep the default Microsoft Office 365 value in Recover to. 

In Target mailbox, view, change, or specify the target mailbox. 


By default, the original mailbox is selected. If this mailbox does not exist, you must specify the 
target mailbox. 


Click Start recovery. 


14.6.2 Recovering mailbox items 


At 


[Only when recovering to an Exchange Server] Ensure that there is an Exchange user with the 
same logon name as the username of the user whose mailbox items are being recovered. If not, 
create the user. Other requirements for this user are described in "Recovering Exchange mailboxes 
and mailbox items" under "Requirements on user accounts". 

Click Devices > Microsoft Office 365. 

Select the mailbox that originally contained the items that you want to recover, and then click 
Recovery. 

You can search mailboxes by name. Wildcards are not supported. 

If the mailbox was deleted, select it on the Backups tab, and then click Show backups. 

Select a recovery point. Note that recovery points are filtered by location. 

Click Recover > Email messages. 

Select the items that you want to recover. 

The following search options are available. Wildcards are not supported. 

e For email messages: search by subject, sender, recipient, and date. 

e For events: search by title and date. 


e For tasks: search by subject and date. 
e For contacts: search by name, email address, and phone number. 


When an email message is selected, you can click Show content to view its contents, including 
attachments. 


Note 
Click the name of an attached file to download it. 


When an email message is selected, you can click Send as email to send the message to an email 
address. The message is sent from your administrator account's email address. 


ff =n 
To be able to select folders, click the "recover folders" icon: “ = 


Click Recover. 


8. To recover to an Exchange Server, select Microsoft Exchange in Recover to. 


10. 


11. 


12. 


To recover to Office 365, keep the default Microsoft Office 365 value in Recover to. 

[Only when recovering to an Exchange Server] Click Target machine with Microsoft Exchange 
Server to select or change the target machine. This step allows recovery to a machine that is not 
running Agent for Exchange. 

Specify the fully qualified domain name (FQDN) of the machine where the Client Access role of 
Microsoft Exchange Server is enabled. The machine must belong to the same Active Directory 
forest as the machine that performs the recovery. 

If prompted, provide the credentials of an account that will be used to access the machine. The 
requirements for this account are listed in "Required user rights". 

In Target mailbox, view, change, or specify the target mailbox. 

By default, the original mailbox is selected. If this mailbox does not exist, you must specify the 
target mailbox. 

[Only when recovering email messages] In Target folder, view or change the target folder in the 
target mailbox. By default, the Recovered items folder is selected. 


Click Start recovery. 


14.7 Changing the Office 365 access credentials 


You can change access credentials for Office 365 without re-installing the agent. 


To change the Office 365 access credentials 


1 

2. 
3. 
4 


Click Devices > Microsoft Office 365. 

Select the Office 365 organization. 

Click Specify credentials. 

Enter your application ID, application secret, and Microsoft 365 tenant ID. For more information 
on how to find these, refer to Obtaining application ID and application secret. 


Click Sign in. 


15 Protecting G Suite data 


This feature is available only in cloud deployments of Acronis Cyber Backup. For a detailed 
description of this functionality, please refer to 
https://www.acronis.com/support/documentation/BackupService/index. html#33827.html. 
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16 Protecting Oracle Database 


Protection of Oracle Database is described in a separate document available at https://d|. managed- 
protection.com/u/pdf/AcronisCyberBackup_12.5_OracleBackup_whitepaper. pdf 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 
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17 Active Protection 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


Active Protection protects a system from ransomware and cryptocurrency mining malware. 
Ransomware encrypts files and demands a ransom for the encryption key. Cryptomining malware 
performs mathematical calculations in the background, thus stealing the processing power and 
network traffic. 


Active Protection is available for machines running Windows 7 and later, Windows Server 2008 R2 
and later. Agent for Windows must be installed on the machine. 


17.1 How it works 


Active Protection monitors processes running on the protected machine. When a third-party process 
tries to encrypt files or mine cryptocurrency, Active Protection generates an alert and performs 
additional actions, if those are specified by the configuration. 


In addition, Active Protection prevents unauthorized changes to the backup software's own 
processes, registry records, executable and configuration files, and backups located in local folders. 


To identify malicious processes, Active Protection uses behavioral heuristics. Active Protection 
compares the chain of actions performed by a process with the chains of events recorded in the 
database of malicious behavior patterns. This approach enables Active Protection to detect new 
malware by its typical behavior. 


17.2 Active Protection settings 


To minimize resources consumed by the heuristic analysis, and to eliminate so-called false positives, 
when a trusted program is considered as ransomware, you can define the following settings: 


e Trusted processes that are never considered ransomware. Processes signed by Microsoft are 
always trusted. 

e Harmful processes that are always considered ransomware. These processes will not be able to 
start as long as Active Protection is enabled on the machine. 


e Folders where file changes will not be monitored. 


Specify the full path to the process executable, starting with the drive letter. For example: 
C: \Windows\Temp\er76s7sdkh. exe. 


For specifying folders, you can use the wildcard characters * and ?. The asterisk (*) substitutes for 
zero or more characters. The question mark (?) substitutes for exactly one character. Environment 
variables, such as %AppData%, cannot be used. 


17.3 Active Protection plan 


All settings of Active Protection are contained in the Active Protection plan. This plan can be applied 
to multiple machines. 


There can be only one Active Protection plan in an organization. If the organization has units, unit 
administrators are not allowed to apply, edit, or revoke the plan. 


17.4 Applying the Active Protection plan 


1. Select the machines for which you want to enable Active Protection. 
2. Click Active Protection. 
3. [Optional] Click Edit to modify the following settings: 
e In Action on detection, select the action that the software will perform when detecting a 
ransomware activity, and then click Done. You can select one of the following: 
o Notify only (default) 
The software will generate an alert about the process. 
o Stop the process 
The software will generate an alert and stop the process. 
o Revert using cache 
The software will generate an alert, stop the process, and revert the file changes by using the 
service cache. 


e In Harmful processes, specify harmful processes that will always be considered ransomware, 
and then click Done. 

e In Trusted processes, specify trusted processes that will never be considered ransomware, 
and then click Done. Processes signed by Microsoft are always trusted. 


e In Folder exclusions, specify a list of folders where file changes will not be monitored, and 
then click Done. 
e Disable the Self-protection switch. 
Self-protection prevents unauthorized changes to the software's own processes, registry 
records, executable and configuration files, and backups located in local folders. We do not 
recommend disabling this feature. 
e Change Protection options. 
4. Ifyou modified the settings, click Save changes. The changes will be applied to all machines 
where Active Protection is enabled. 
5. Click Apply. 


17.5 Protection options 


17.5.1 Backups 


This option is effective when Self-protection is enabled in the Active Protection plan. 


This option applies to files that have extensions .tibx, .tib, .tia, and are located in local folders. 


This option lets you specify the processes that are allowed to modify the backup files, even though 
these files are protected by self-protection. This comes in handy, for example, if you delete backup 
files or move them to a different location by using a script. 


The preset is: Enabled. 


If this option is enabled, the backup files can be modified only by processes signed by the backup 
software vendor. This allows the software to apply retention rules and to delete backups when a user 
requests this from the web interface. Other processes, no matter suspicious or not, cannot modify 
the backups. 


If this option is disabled, you can allow other processes to modify the backups. Specify the full path 
to the process executable, starting with the drive letter. 


17.5.2 Cryptomining protection 
This option defines whether Active Protection detects potential cryptomining malware. 
The preset is: Disabled. 


If a cryptomining activity is detected, the selected Action on detection is performed (except 
reverting files from cache, as there is nothing to revert). 


Cryptomining malware degrades performance of useful applications, increases electricity bills, may 
cause system crashes and even hardware damage due to abuse. We recommend that you add 
cryptomining malware to the Harmful processes list to prevent it from running. 


17.5.3 Mapped drives 


This option defines whether Active Protection protects network folders that are mapped as local 
drives. 


This option applies to folders shared via SMB or NFS. 
The preset is: Enabled. 


If a file was originally located on a mapped drive, it cannot be saved to the original location when 
extracted from the cache by the Revert using cache action. Instead, it will be saved to the folder 
specified in this option's settings. The default folder is C:\ProgramData\Acronis\Restored 
Network Files. If this folder does not exist, it will be created. If you want to change this path, be sure 
to specify a local folder. Network folders, including folders on mapped drives, are not supported. 


18 Special operations with virtual machines 


18.1 Running a virtual machine from a backup (Instant 
Restore) 


Note 
This functionality is available only with the Acronis Cyber Backup Advanced license. 


You can run a virtual machine from a disk-level backup that contains an operating system. This 
operation, also known as instant recovery, enables you to spin up a virtual server in seconds. The 
virtual disks are emulated directly from the backup and thus do not consume space on the datastore 
(storage). The storage space is required only to keep changes to the virtual disks. 


We recommend running this temporary virtual machine for up to three days. Then, you can 
completely remove it or convert it to a regular virtual machine (finalize) without downtime. 


As long as the temporary virtual machine exists, retention rules cannot be applied to the backup 
being used by that machine. Backups of the original machine can continue to run. 


18.1.1 Usage examples 


e Disaster recovery 
Instantly bring a copy of a failed machine online. 

e Testing a backup 
Run the machine from the backup and ensure that the guest OS and applications are functioning 
properly. 

e Accessing application data 
While the machine is running, use application's native management tools to access and extract the 
required data. 


18.1.2 Prerequisites 


e At least one Agent for VMware or Agent for Hyper-V must be registered in the backup service. 

e The backup can be stored in a network folder, on a storage node, or in a local folder of the machine 
where Agent for VMware or Agent for Hyper-V is installed. If you select a network folder, it must be 
accessible from that machine. A virtual machine can also be run from a backup stored in the cloud 
storage, but it works slower because this operation requires intense random-access reading from 
the backup. A virtual machine cannot be run from a backup stored on an SFTP server, a tape 
device, or in Secure Zone. 

e The backup must contain an entire machine or all of the volumes that are required for the 
operating system to start. 


e Backups of both physical and virtual machines can be used. Backups of Virtuozzo containers 
cannot be used. 

e Backups that contain Linux logical volumes (LVM) must be created by Agent for VMware or Agent 
for Hyper-V. The virtual machine must be of the same type as the original machine (ESXi or Hyper- 
V). 


18.1.3 Running the machine 


1. Do one of the following: 
e Select a backed-up machine, click Recovery, and then select a recovery point. 
e Select arecovery point on the Backups tab. 

2. Click Run as VM. 
The software automatically selects the host and other required parameters. 


xX Run 'Windows 8 x64' as VM 


TADCET MAAF LI ~ 


At 


Windows 8 x64_temp on 1@BOGekiiet 82 


datastore3 


VM SETTING 
Memory: 2.00 GB 
Network adapters: 1 


3. [Optional] Click Target machine, and then change the virtual machine type (ESXi or Hyper-V), the 
host, or the virtual machine name. 

4, [Optional] Click Datastore for ESXi or Path for Hyper-V, and then select the datastore for the 
virtual machine. 
Changes to the virtual disks accumulate while the machine is running. Ensure that the selected 
datastore has enough free space. If you are planning to preserve these changes by making the 
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virtual machine permanent, select a datastore that is suitable for running the machine in 
production. 

5. [Optional] Click VM settings to change the memory size and network connections of the virtual 
machine. 


[Optional] Select the VM power state (On/Off). 


Click Run now. 


As a result, the machine appears in the web interface with one of the following icons: or 
r Such virtual machines cannot be selected for backup. 


18.1.4 Deleting the machine 


We do not recommend to delete a temporary virtual machine directly in vSphere/Hyper-V. This may 
lead to artifacts in the web interface. Also, the backup from which the machine was running may 
remain locked for a while (it cannot be deleted by retention rules). 


To delete a virtual machine that is running from a backup 


1. On the All devices tab, select a machine that is running from a backup. 
2. Click Delete. 


The machine is removed from the web interface. It is also removed from the vSphere or Hyper-V 
inventory and datastore (storage). All changes that occurred to the data while the machine was 
running are lost. 


18.1.5 Finalizing the machine 


While a virtual machine is running from a backup, the virtual disks' content is taken directly from that 
backup. Therefore, the machine will become inaccessible or even corrupted if the connection is lost to 
the backup location or to the backup agent. 


For an ESXi machine, you have the option to make this machine permanent, i.e. recover all of its 
virtual disks, along with the changes that occurred while the machine was running, to the datastore 
that stores these changes. This process is named finalization. 


Finalization is performed without downtime. The virtual machine will not be powered off during 
finalization. 


To finalize a machine that is running from a backup 


On the All devices tab, select a machine that is running from a backup. 
Click Finalize. 
[Optional] Specify a new name for the machine. 


[Optional] Change the disk provisioning mode. The default setting is Thin. 
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Click Finalize. 


The machine name changes immediately. The recovery progress is shown on the Activities tab. Once 
the recovery is completed, the machine icon changes to that of a regular virtual machine. 


What you need to know about finalization 


Finalization vs. regular recovery 


The finalization process is slower than a regular recovery for the following reasons: 


e During a finalization, the agent performs random access to different parts of the backup. When an 
entire machine is being recovered, the agent reads data from the backup sequentially. 

e If the virtual machine is running during the finalization, the agent reads data from the backup 
more often, to maintain both processes simultaneously. During a regular recovery, the virtual 
machine is stopped. 


Finalization of machines running from cloud backups 


Because of intensive access to the backed-up data, the finalization speed highly depends on the 
connection bandwidth between the backup location and the agent. The finalization will be slower for 
backups located in the cloud as compared to local backups. If the Internet connection is very slow or 
unstable, the finalization of a machine running from a cloud backup may fail. We recommend to run 
virtual machines from local backups if you are planning to perform finalization and have the choice. 


18.2 Working in VMware vSphere 


This section describes operations that are specific for VMware vSphere environments. 


18.2.1 Replication of virtual machines 
Replication is available only for VMware ESXi virtual machines. 


Replication is the process of creating an exact copy (replica) of a virtual machine, and then 
maintaining the replica in sync with the original machine. By replicating a critical virtual machine, you 
will always have a copy of this machine in a ready-to-start state. 


The replication can be started manually or on the schedule you specify. The first replication is full 
(copies the entire machine). All subsequent replications are incremental and are performed with 
Changed Block Tracking, unless this option is disabled. 


Replication vs. backing up 


Unlike scheduled backups, a replica keeps only the latest state of the virtual machine. A replica 
consumes datastore space, while backups can be kept on a cheaper storage. 


However, powering on a replica is much faster than a recovery and faster than running a virtual 
machine from a backup. When powered on, a replica works faster than a VM running from a backup 
and does not load the Agent for VMware. 


Usage examples 


Replicate virtual machines to a remote site. 

Replication enables you to withstand partial or complete datacenter failures, by cloning the virtual 
machines from a primary site to a secondary site. The secondary site is usually located in a remote 
facility that is unlikely to be affected by environmental, infrastructure, or other factors that might 
cause the primary site failure. 

Replicate virtual machines within a single site (from one host/datastore to another). 


Onsite replication can be used for high availability and disaster recovery scenarios. 


What you can do with a replica 


Test a replica 

The replica will be powered on for testing. Use vSphere Client or other tools to check if the replica 
works correctly. Replication is suspended while testing is in progress. 

Failover to a replica 

Failover is a transition of the workload from the original virtual machine to its replica. Replication is 
suspended while a failover is in progress. 

Back up the replica 

Both backup and replication require access to virtual disks, and thus impact the performance of 
the host where the virtual machine is running. If you want to have both a replica and backups of a 
virtual machine, but don't want to put additional load on the production host, replicate the 
machine to a different host, and set up backups of the replica. 


Restrictions 


The following types of virtual machines cannot be replicated: 


Fault-tolerant machines running on ESXi 5.5 and lower. 
Machines running from backups. 


Replicas of virtual machines. 


Creating a replication plan 


A replication plan must be created for each machine individually. It is not possible to apply an existing 


plan to other machines. 


To create a replication plan 


1. 
2. 


Select a virtual machine to replicate. 

Click Replication. 

The software displays a new replication plan template. 

[Optional] To modify the replication plan name, click the default name. 


Click Target machine, and then do the following: 


a. Select whether to create a new replica or use an existing replica of the original machine. 


b. Select the ESXi host and specify the new replica name, or select an existing replica. 


The default name of a new replica is [Original Machine Name] replica. 
c. Click OK. 


[Only when replicating to a new machine] Click Datastore, and then select the datastore for the 
virtual machine. 


[Optional] Click Schedule to change the replication schedule. 

By default, replication is performed on a daily basis, Monday to Friday. You can select the time to 

run the replication. 

If you want to change the replication frequency, move the slider, and then specify the schedule. 

You can also do the following: 

e Set a date range for when the schedule is effective. Select the Run the plan within a date 
range check box, and then specify the date range. 

e Disable the schedule. In this case, replication can be started manually. 

[Optional] Click the gear icon to modify the replication options. 

Click Apply. 


[Optional] To run the plan manually, click Run now on the plan panel. 


As a result of running a replication plan, the virtual machine replica appears in the All devices list 


with the following Mal 


Testing a replica 


To prepare a replica for testing 


1 
2 
3. 
4 


. Select whether to connect the powered-on replica to a network. By default, the replica will not be 
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6. 


. Select a replica to test. 


Click Test replica. 
Click Start testing. 


connected to a network. 


. [Optional] If you chose to connect the replica to the network, select the Stop original virtual 


machine check box to stop the original machine before powering on the replica. 
Click Start. 


To stop testing a replica 


1 
2 
3. 
4 


. Select a replica for which testing is in progress. 


Click Test replica. 
Click Stop testing. 


Confirm your decision. 


Failing over to a replica 


To failover a machine to a replica 


wen = 


6. 


Select a replica to failover to. 

Click Replica actions. 

Click Failover. 

Select whether to connect the powered-on replica to a network. By default, the replica will be 
connected to the same network as the original machine. 

[Optional] If you chose to connect the replica to the network, clear the Stop original virtual 
machine check box to keep the original machine online. 

Click Start. 


While the replica is in a failover state, you can choose one of the following actions: 


Stop failover 

Stop failover if the original machine was fixed. The replica will be powered off. Replication will be 
resumed. 

Perform permanent failover to the replica 

This instant operation removes the 'replica' flag from the virtual machine, so that replication to it is 
no longer possible. If you want to resume replication, edit the replication plan to select this 
machine as a source. 

Failback 

Perform failback if you failed over to the site that is not intended for continuous operations. The 
replica will be recovered to the original or a new virtual machine. Once the recovery to the original 
machine is complete, it is powered on and replication is resumed. If you choose to recover to a new 
machine, edit the replication plan to select this machine as a source. 


Stopping failover 


To stop a failover 


1 
2. 
3. 
4 


Select a replica that is in the failover state. 
Click Replica actions. 
Click Stop failover. 


Confirm your decision. 


Performing a permanent failover 


To perform a permanent failover 
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Select a replica that is in the failover state. 

Click Replica actions. 

Click Permanent failover. 

[Optional] Change the name of the virtual machine. 

[Optional] Select the Stop original virtual machine check box. 
Click Start. 


Failing back 
To failback from a replica 


1. Select a replica that is in the failover state. 
2. Click Replica actions. 
3. Click Failback from replica. 
The software automatically selects the original machine as the target machine. 
4. [Optional] Click Target machine, and then do the following: 
a. Select whether to failback to a new or existing machine. 
b. Select the ESXi host and specify the new machine name, or select an existing machine. 
c. Click OK. 
5. [Optional] When failing back to a new machine, you can also do the following: 
e Click Datastore to select the datastore for the virtual machine. 
e Click VM settings to change the memory size, the number of processors, and the network 
connections of the virtual machine. 
[Optional] Click Recovery options to modify the failback options. 
Click Start recovery. 


Confirm your decision. 


Replication options 


To modify the replication options, click the gear icon next to the replication plan name, and then click 
Replication options. 


Changed Block Tracking (CBT) 
This option is similar to the backup option "Changed Block Tracking (CBT)". 


Disk provisioning 
This option defines the disk provisioning settings for the replica. 
The preset is: Thin provisioning. 


The following values are available: Thin provisioning, Thick provisioning, Keep the original 
setting. 


Error handling 


This option is similar to the backup option "Error handling". 


Pre/Post commands 


This option is similar to the backup option "Pre/Post commands". 


Volume Shadow Copy Service VSS for virtual machines 


This option is similar to the backup option "Volume Shadow Copy Service VSS for virtual machines". 


Failback options 


To modify the failback options, click Recovery options when configuring failback. 


Error handling 


This option is similar to the recovery option "Error handling". 


Performance 


This option is similar to the recovery option "Performance". 


Pre/Post commands 


This option is similar to the recovery option "Pre/Post commands". 


VM power management 


This option is similar to the recovery option "VM power management". 


Seeding an initial replica 
To speed up replication to a remote location and save network bandwidth, you can perform replica 
seeding. 


Important 
To perform replica seeding, Agent for VMware (Virtual Appliance) must be running on the target ESXi. 


To seed an initial replica 


1. Do one of the following: 
e If the original virtual machine can be powered off, power it off, and then skip to step 4. 
e If the original virtual machine cannot be powered off, continue to the next step. 
2. Create a replication plan. 
When creating the plan, in Target machine, select New replica and the ESXi that hosts the 
original machine. 
3. Runthe plan once. 
A replica is created on the original ESXi. 
4. Export the virtual machine (or the replica) files to an external hard drive. 
a. Connect the external hard drive to the machine where vSphere Client is running. 
b. Connect vSphere Client to the original vCenter\ESXi. 
c. Select the newly created replica in the inventory. 
d. Click File > Export > Export OVF template. 


e. In Directory, specify the folder on the external hard drive. 
f. Click OK. 
5. Transfer the hard drive to the remote location. 
6. Import the replica to the target ESXi. 
a. Connect the external hard drive to the machine where vSphere Client is running. 
b. Connect vSphere Client to the target vCenter\ESXi. 
c. Click File > Deploy OVF template. 
d. InDeploy from a file or URL, specify the template that you exported in step 4. 
e. Complete the import procedure. 


7. Edit the replication plan that you created in step 2. In Target machine, select Existing replica, 
and then select the imported replica. 


As a result, the software will continue updating the replica. All replications will be incremental. 


18.2.2 LAN-free backup 


If your production ESXi hosts are so heavily loaded that running the virtual appliances is not 
desirable, consider installing Agent for VMware (Windows) on a physical machine outside the ESXi 
infrastructure. 


If your ESXi uses a SAN attached storage, install the agent on a machine connected to the same SAN. 
The agent will back up the virtual machines directly from the storage rather than via the ESXi host and 
LAN. This capability is called a LAN-free backup. 


The diagram below illustrates a LAN-based and a LAN-free backup. LAN-free access to virtual 
machines is available if you have a fibre channel (FC) or iSCSI Storage Area Network. To completely 
eliminate transferring the backed-up data via LAN, store the backups on a local disk of the agent's 
machine or on a SAN attached storage. 


LAN 


Agent for VMware 
(Windows) 


Directly attached SAN attached 
or SAN attached VM storage 
storage for backups 
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To enable the agent to access a datastore directly 


1. Install Agent for VMware on a Windows machine that has network access to the vCenter Server. 
2. Connect the logical unit number (LUN) that hosts the datastore to the machine. Consider the 
following: 
e Use the same protocol (i.e. iSCSI or FC) that is used for the datastore connection to the ESXi. 
e The LUN must not be initialized and must appear as an "offline" disk in Disk Management. If 
Windows initializes the LUN, it may become corrupted and unreadable by VMware vSphere. 
To avoid LUN initialization, the SAN Policy is automatically set to Offline All during the Agent 
for VMware (Windows) installation. 


As a result, the agent will use the SAN transport mode to access the virtual disks, i.e. it will read raw 
LUN sectors over iSCSI/FC without recognizing the VMFS file system (which Windows is not aware of). 


Limitations 


e In vSphere 6.0 and later, the agent cannot use the SAN transport mode if some of the VM disks are 
located on a VMwere Virtual Volume (VVol) and some are not. Backups of such virtual machines 
will fail. 

e Encrypted virtual machines, introduced in VMware vSphere 6.5, will be backed up via LAN, even if 
you configure the SAN transport mode for the agent. The agent will fall back on the NBD transport 
because VMware does not support SAN transport for backing up encrypted virtual disks. 
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Example 


If you are using an iSCSI SAN, configure the iSCSI initiator on the machine running Windows where 
Agent for VMware is installed. 


To configure the SAN policy 


1. 
2. 
3. 


Log on as an administrator, open the command prompt, type diskpart, and then press Enter. 
Type san, and then press Enter. Ensure that SAN Policy : Offline All is displayed. 

If another value for SAN Policy is set: 

a. Typesan policy=offlineall. 

b. Press Enter. 

c. To check that the setting has been applied correctly, perform step 2. 


d. Restart the machine. 


To configure an iSCSI initiator 


1. 


2. 


3. 


4, 


5. 


Go to Control Panel > Administrative Tools > iSCSI Initiator. 


Note 
To find the Administrative Tools applet, you may need to change the Control Panel view to 
something other than Home or Category, or use search. 


If this is the first time that Microsoft iSCSI Initiator is launched, confirm that you want to start the 
Microsoft iSCSI Initiator service. 

On the Targets tab, type the fully qualified domain name (FQDN) name or the IP address of the 
target SAN device, and then click Quick Connect. 

Select the LUN that hosts the datastore, and then click Connect. 

If the LUN is not displayed, ensure that the zoning on the iSCSI target enables the machine 
running the agent to access the LUN. The machine must be added to the list of allowed iSCSI 
initiators on this target. 

Click OK. 


The ready SAN LUN should appear in Disk Management as shown in the screenshot below. 
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18.2.3 Using SAN hardware snapshots 


If your VMware vSphere uses a storage area network (SAN) storage system as a datastore, you can 
enable Agent for VMware (Windows) to use SAN hardware snapshots when performing a backup. 


Important 
Only NetApp SAN storage is supported. 


Why use SAN hardware snapshots? 


Agent for VMware needs a virtual machine snapshot in order to create a consistent backup. Because 
the agent reads the virtual disk content from the snapshot, the snapshot must be kept for the whole 
duration of the backup process. 


By default, the agent uses native VMware snapshots created by the ESXi host. While the snapshot is 
kept, the virtual disk files are in the read-only state, and the host writes all changes done to the disks 
to separate delta files. Once the backup process is finished, the host deletes the snapshot, i.e. merges 
the delta files with the virtual disk files. 


Both maintaining and deleting the snapshot affect the virtual machine performance. With large 
virtual disks and fast data changes, these operations take a long time during which the performance 
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can degrade. In extreme cases, when several machines are backed up simultaneously, the growing 
delta files may nearly fill the datastore and cause all of the virtual machines to power off. 


You can reduce the hypervisor resource utilization by offloading the snapshots to the SAN. In this 
case, the sequence of operations is as follows: 


1. The ESXi takes a VMware snapshot in the beginning of the backup process, to bring the virtual 
disks to a consistent state. 


2. The SAN creates a hardware snapshot of the volume or LUN that contains the virtual machine and 
its VMware snapshot. This operation typically takes a few seconds. 
3. The ESXi deletes the VMware snapshot. Agent for VMware reads the virtual disk content from the 


SAN hardware snapshot. 


Because the VMware snapshot is maintained only for a few seconds, the virtual machine 
performance degradation is minimized. 


What do | need to use the SAN hardware snapshots? 


If you want to use the SAN hardware snapshots when backing up virtual machines, ensure that all of 
the following is true: 


e The NetApp SAN storage meets the requirements described in "NetApp SAN storage 
requirements". 


e The machine running Agent for VMware (Windows) is configured as described in "Configuring the 
machine running Agent for VMware". 


e The SAN storage is registered on the management server. 


e [If there are Agents for VMware that did not take part in the above registration] The virtual 
machines that reside on the SAN storage are assigned to the SAN-enabled agents, as described in 
"Virtual machine binding". 


e The "SAN hardware snapshots" backup option is enabled in the backup plan options. 


NetApp SAN storage requirements 


e The SAN storage must be used as an NFS or iSCSI datastore. 

e The SAN must run Data ONTAP 8.1 or later inthe Clustered Data ONTAP (cDOT) mode. The 7- 
mode mode is not supported. 

e Inthe NetApp OnCommand System Manager, the Snapshot copies > Configure > Make 
Snapshot directory (.snapshot) visible check box must be selected for the volume where the 
datastore is located. 


Configure Volume Snapshot Copies (x) 


@ Snapshot Reserves (%): |5 


W) Make Snapshot directory (.snapshot) visible 


Visibility of snapshot directory on this volume at the client mount points. 


I) Enable scheduled Snapshot Copies 
Snapshot Policies and Schedules 


Select a Snapshot policy that has desired schedules for Snapshot copies: 


Snapshot Policy: default |v 


Schedules of Selected Snapshot Policy: 


Schedule... Retained Sn... Schedule SnapMirror Label 
hourly 6 Advance cron - {Minu... 
weekly 2 On weekdays - Sunda... weekly 
daily 2 Daily - Run at 0 hour 1... daily 
Current Timezone: Etc/UTC 


Tell me more about Snapshot configurations 


| OK Ii Cancel l 


e [For NFS datastores] Access to NFS shares from Windows NFSv3 clients must be enabled on the 
Storage Virtual Machine (SVM) that was specified when creating the datastore. The access can be 
enabled by the following commana: 


vserver nfs modify -vserver [SVM name] -v3-ms-dos-client enable 


For more information, refer to the NetApp Best Practices document: 
https://kb.netapp.com/support/s/article/ka2 1A0000000k89QAA/top-windows-nfsv3-0-issues- 
workarounds-and-best-practices 

e [For iSCSI datastores] In the NetApp OnCommand System Manager, the Disable Space 
Reservation check box must be selected for the iSCSI LUN where the datastore is located. 
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Edit LUN x 
General || Initiator Groups 


Identification 


P= Name: lun_iscsi 


Description: 


l Type: VMware 
e) ze: l TB hd 


¥) Disable Space Reservation 
I 


allocated from its containing volume in advance. Instead, space is 
allocated from the volume when data is written to the LUN, if the 
volume can provide the space. 


isabled on a LUN, space for the LUN is not 


Tell me more about space reservation 


Save Save and Close Cancel 


Configuring the machine running Agent for VMware 


Depending on whether the SAN storage is used as an NFS or iSCSI datastore, refer to the 
corresponding section below. 


Configuring iSCSI Initiator 
Ensure that all of the following is true: 


e Microsoft iSCSI Initiator is installed. 


e The Microsoft iSCSI Initiator Service startup type is set to Automatic or Manual. This can be done 
in the Services snap-in. 


e The iSCSI initiator is configured as described in the example section of "LAN-free backup". 


Configuring NFS Client 


Ensure that all of the following is true: 


e Microsoft Services for NFS (in Windows Server 2008) or Client for NFS (in Windows Server 2012 
and later) is installed. 


e The NFS client is configured for anonymous access. This can be done as follows: 
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Open Registry Editor. 
b. Locate the following registry key: HKEY_LOCAL_ 
MACHINE\SOFTWARE\ Microsoft\ClientForNFS\CurrentVersion\Default 
In this key, create anew DWORD value named AnonymousUID and set its value data to 0. 
d. Inthe same key, create anew DWORD value named AnonymousGID and set its value data to 
0. 
e. Restart the machine. 


Registering SAN storage on the management server 


1. Click Settings > SAN storage. 

2. Click Add storage. 

3. [Optional] In Name, change the storage name. 
This name will be displayed on the SAN storage tab. 

4. In Host name or IP address, specify the NetApp Storage Virtual Machine (SVM, also known as a 
filer) that was specified when creating the datastore. 
To find the required information in VMware vSphere Web Client, select the datastore, and then 
click Configure > Device backing. The host name or IP address is displayed in the Server field. 


vmware’ vSphere Web Client 


Navigator 4 A NFssan | cP Q @ E | SGActions ~ 
| 4 Back Getting Started Summary Monitor | Configure | Permissions Files 
Ia afale 7 

v G) PM-VCENTER.corp.acronis.com 

> EJ AaaS General 


> ED New Folder ee TOOT OSS eas 
v [fq DemoDC Connectivity with Hosts 
g datastore1 
g datastore1 (1) 
H datastore2 
l > fa PM 


5. In User name and Password, specify the SVM administrator credentials. 


Important 
The specified account must be a local administrator on the SVM, rather than entire NetApp 


system management administrator. 


You can specify an existing user or create a new one. To create a new user, in the NetApp 
OnCommand System Manager, navigate to Configuration > Security > Users, and then create a 
new user. 

6. Select one or more Agent for VMware (Windows) which will be given the read permission for the 
SAN device. 

7. Click Add. 
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18.2.4 Using a locally attached storage 


You can attach an additional disk to Agent for VMware (Virtual Appliance) so the agent can back up to 
this locally attached storage. This approach eliminates the network traffic between the agent and the 
backup location. 


A virtual appliance that is running on the same host or cluster with the backed-up virtual machines 
has direct access to the datastore(s) where the machines reside. This means the appliance can attach 
the backed-up disks by using the HotAdd transport, and therefore the backup traffic is directed from 
one local disk to another. If the datastore is connected as Disk/LUN rather than NFS, the backup will 
be completely LAN-free. In the case of NFS datastore, there will be network traffic between the 
datastore and the host. 


Using a locally attached storage presumes that the agent always backs up the same machines. If 
multiple agents work within the vSphere, and one or more of them use locally attached storages, you 
need to manually bind each agent to all machines it has to back up. Otherwise, if the machines are 
redistributed among the agents by the management server, a machine's backups may be dispersed 
over multiple storages. 


You can add the storage to an already working agent or when deploying the agent from an OVF 
template. 


To attach a storage to an already working agent 


1. In VMware vSphere inventory, right click the Agent for VMware (Virtual Appliance). 
2. Add the disk by editing the settings of the virtual machine. The disk size must be at least 10 GB. 


Warning! 
Be careful when adding an already existing disk. Once the storage is created, all data previously 
contained on this disk will be lost. 


3. Go to the virtual appliance console. The Create storage link is available at the bottom of the 
screen. If it is not, click Refresh. 

4. Click the Create storage link, select the disk and specify a label for it. The label length is limited to 
16 characters, due to file system restrictions. 


To select a locally attached storage as a backup destination 


When creating a backup plan, in Where to back up, select Local folders, and then type the letter 
corresponding to the locally attached storage, for example, D:\. 


18.2.5 Virtual machine binding 


This section gives you an overview of how the management server organizes the operation of 
multiple agents within VMware vCenter. 


The below distribution algorithm works for both virtual appliances and agents installed in Windows. 


Distribution algorithm 


The virtual machines are automatically evenly distributed between Agents for VMware. By evenly, we 
mean that each agent manages an equal number of machines. The amount of storage space 
occupied by a virtual machine is not counted. 


However, when choosing an agent for a machine, the software tries to optimize the overall system 
performance. In particular, the software considers the agent and the virtual machine location. An 
agent hosted on the same host is preferred. If there is no agent on the same host, an agent from the 
same cluster is preferred. 


Once a virtual machine is assigned to an agent, all backups of this machine are delegated to this 
agent. 


Redistribution 


Redistribution takes place each time the established balance breaks, or, more precisely, when a load 
imbalance among the agents reaches 20 percent. This may happen when a machine or an agent is 
added or removed, or a machine migrates to a different host or cluster, or if you manually bind a 
machine to an agent. If this happens, the management server redistributes the machines using the 
same algorithm. 


For example, you realize that you need more agents to help with throughput and deploy an 
additional virtual appliance to the cluster. The management server will assign the most appropriate 
machines to the new agent. The old agents' load will reduce. 


When you remove an agent from the management server, the machines assigned to the agent are 
distributed among the remaining agents. However, this will not happen if an agent gets corrupted or 
is deleted from manually from vSphere. Redistribution will start only after you remove such agent 
from the web interface. 


Viewing the distribution result 
You can view the result of the automatic distribution: 


e inthe Agent column for each virtual machine on the All devices section 
e inthe Assigned virtual machines section of the Details panel when an agent is selected in the 
Settings > Agents section 


Manual binding 


The Agent for VMware binding lets you exclude a virtual machine from this distribution process by 
specifying the agent that must always back up this machine. The overall balance will be maintained, 
but this particular machine can be passed to a different agent only if the original agent is removed. 


To bind a machine with an agent 


1. Select the machine. 

2. Click Details. 
Inthe Assigned agent section, the software shows the agent that currently manages the 
selected machine. 

3. Click Change. 

4. Select Manual. 

5. Select the agent to which you want to bind the machine. 

6. Click Save. 


To unbind a machine from an agent 


1. Select the machine. 
2. Click Details. 
Inthe Assigned agent section, the software shows the agent that currently manages the 
selected machine. 
Click Change. 
4. Select Automatic. 
Click Save. 


Disabling automatic assignment for an agent 


You can disable the automatic assignment for Agent for VMware to exclude it from the distribution 
process by specifying the list of machines that this agent must back up. The overall balance will be 
maintained between other agents. 


Automatic assignment cannot be disabled for an agent if there are no other registered agents, or if 
automatic assignment is disabled for all other agents. 


To disable automatic assignment for an agent 


1. Click Settings > Agents. 

2. Select Agent for VMware for which you want to disable the automatic assignment. 
3. Click Details. 
4 


Disable the Automatic assignment switch. 


Usage examples 


e Manual binding comes in handy if you want a particular (very large) machine to be backed up by 
Agent for VMware (Windows) via a fibre channel while other machines are backed up by virtual 
appliances. 

e Manual binding is necessary if you are using SAN hardware snapshots. Bind Agent for VMware 
(Windows) for which SAN hardware snapshots are configured with the machines that reside on the 
SAN datastore. 

e It is necessary to bind VMs to an agent if the agent has a locally attached storage. 


e Disabling the automatic assignment enables you to ensure that a particular machine is predictably 
backed up on the schedule you specify. The agent that only backs up one VM cannot be busy 
backing up other VMs when the scheduled time comes. 

e Disabling the automatic assignment is useful if you have multiple ESXi hosts that are separated 
geographically. If you disable the automatic assignment, and then bind the VMs on each host to 
the agent running on the same host, you can ensure that the agent will never back up any 
machines running on the remote ESXi hosts, thus saving network traffic. 


18.2.6 Support for VM migration 


This section informs you about what to expect when virtual machines migrate within a vSphere 
environment, including migration between ESXi hosts that are part of a vSphere cluster. 


vMotion 


vMotion moves a virtual machine's state and configuration to another host while the machine's disks 
remain in the same location on shared storage. 


e vMotion of Agent for VMware (Virtual Appliance) is not supported and is disabled. 
e vMotion of a virtual machine is disabled during a backup. Backups will continue to run after the 
migration is completed. 


Storage vMotion 
Storage vMotion moves virtual machine disks from one datastore to another. 


e Storage vMotion of Agent for VMware (Virtual Appliance) is not supported and is disabled. 
e Storage vMotion of a virtual machine is disabled during a backup. Backups will continue to run 
after the migration. 


18.2.7 Managing virtualization environments 


You can view the vSphere, Hyper-V, and Virtuozzo environments in their native presentation. Once 
the corresponding agent is installed and registered, the VMware, Hyper-V, or Virtuozzo tab appears 
under Devices. 


In the VMware tab, you can back up the following vSphere infrastructure objects: 


e Datacenter 
e Folder 

e Cluster 

e ESXi host 


e Resource pool 


Each of these infrastructure objects works as a group object for virtual machines. When you apply a 
backup plan to any of these group objects, all virtual machines included in it, will be backed up. You 


can back up either the selected group machines by clicking Backup, or the parent group machines in 
which the selected group is included by clicking Group backup. 


For example, you have selected the cluster and then selected a resource pool inside it. If you click 
Backup, all virtual machines included in the selected resource pool will be backed up. If you click 
Group backup, all virtual machines included in the cluster will be backed up. 
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You can change access credentials for the vCenter Server or stand-alone ESXi host without re- 
installing the agent. 


To change the vCenter Server or ESXi host access credentials 


1. Under Devices, click VMware. 

2. Click Hosts and Clusters. 

3. Inthe Hosts and Clusters list (to the right of the Hosts and Clusters tree), select the vCenter 
Server or stand-alone ESXi host that was specified during the Agent for VMware installation. 

4. Click Details. 

5. Under Credentials, click the user name. 


6. Specify the new access credentials, and then click OK. 


18.2.8 Viewing backup status in vSphere Client 
You can view backup status and the last backup time of a virtual machine in vSphere Client. 


This information appears in the virtual machine summary (Summary > Custom 
attributes/Annotations/Notes, depending on the client type and vSphere version). You can also 
enable the Last backup and Backup status columns on the Virtual Machines tab for any host, 
datacenter, folder, resource pool, or the entire vCenter Server. 


To provide these attributes, Agent for VMware must have the following privileges in addition to those 
described in "Agent for VMware - necessary privileges": 


e Global > Manage custom attributes 


e Global > Set custom attribute 


18.2.9 Agent for VMware - necessary privileges 


This section describes the privileges required for operations with ESXi virtual machines and, 
additionally, for virtual appliance deployment. 


To perform any operations with vCenter objects, such as virtual machines, ESXi hosts, clusters, 
vCenter, and more, Agent for VMware authenticates on vCenter or ESXi host by using the vSphere 
credentials provided by a user. The vSphere account, used for connection to vSphere by Agent for 
VMware, must have the required privileges on all levels of vSphere infrastructure starting from the 
vCenter level. 


Specify the vSphere account with the necessary privileges during Agent for VMware installation or 
configuration. If you need to change the account at a later time, refer to the "Managing virtualization 
environments" section. 


To assign the permissions to a vSphere user on the vCenter level, do the following: 


1. Login to vSphere web client. 

2. Right-click on vCenter and then click Add permission. 

3. Select or add anew user with the required role (the role must include all the required permissions 
from the table below). 


4. Select the Propagate to children option. 


ee eee - Add Permission 


Select the users or groups on the left and the role to assign to them on the right. 


Users and Groups 


The users or groups listed below are 
assigned the role selected on the right on 


enter805client.dc.adc.corp.acronis.com’. 


Back up | Recover 


aVM 
VM 


Cryptographic 
operations 


Privilege 
Add disk 
(starting with 
vSphere 6.5) 
OOOO pe |> 
Browse datastore 


Configure 
datastore 


Low level file 

operations 
ee pe S 
DOO O Disable methods 


Enable methods 


349 


Assigned Role 


The users or groups obtain the permissions on the selected objects 
as defined by their assigned role. 


Administrator 


v AutoDeploy 
v Certificates 
v Content Library 
v Cryptographic operations 
v Datacenter 
+ v Datastore 
> v Datastore cluster 


& aZ Nictrihutad ewitah 


Description: All Privileges 


to anew 


[V] Propagate to children 


View Children 


Recover 
to an 
as hy 


Pes eer 
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Manage custom 
attributes 


Set custom 
attribute 


Host > VM autostart 
Configuration configuration 


Storage partition 
configuration 


Host > 
Inventory 


Host > Local 

: Create VM 
operations 
see [penan et 


Resource Assign VM to 
resource pool 


Modify cluster 


vApp Add virtual 
machine 


Virtual machine 
> Configuration 


Add new disk i l 


Add or remove 
device 


SS e e e 
Change CPU 
count 


Disk change 
tracking 


Virtual machine | Guest Operation 
> Guest Program 
Operations Execution 


Guest Operation 
Queries 


Guest Operation 
Modifications 


Virtual machine | Acquire guest 

> Interaction control ticket (in 
vSphere 4.1 and 
5.0) 


Configure CD 
media 


Console 
interaction 


Guest operating 
system 
management by 
VIX API (in 
vSphere 5.1 and 
later) 


Power off 


O ee | 
ce 
O pee e e 
C ee | ee e a 
a a a 


Virtual machine à 
E Te Allow disk access 
> Provisioning 


Allow read-only 
+ + 
disk access 
Allow virtual 
machine + + + + 
download 


Virtual machine 
Create snapshot + + + + 
> State 
Remove 
+ + + + 
snapshot 


* This privilege is required for backing up encrypted machines only. 


** This privilege is required for application-aware backups only. 


18.3 Backing up clustered Hyper-V machines 


In a Hyper-V cluster, virtual machines may migrate between cluster nodes. Follow these 
recommendations to set up a correct backup of clustered Hyper-V machines: 


1. Amachine must be available for backup no matter what node it migrates to. To ensure that Agent 
for Hyper-V can access a machine on any node, the agent service must run under a domain user 
account that has administrative privileges on each of the cluster nodes. 

We recommend that you specify such an account for the agent service during the Agent for 
Hyper-V installation. 
2. Install Agent for Hyper-V on each node of the cluster. 


3. Register all of the agents on the management server. 


18.3.1 High Availability of a recovered machine 


When you recover backed-up disks to an existing Hyper-V virtual machine, the machine's High 
Availability property remains as is. 


When you recover backed-up disks to a new Hyper-V virtual machine, or do a conversion to a Hyper-V 
virtual machine within a backup plan, the resulting machine is not highly available. It is considered as 
a spare machine and is normally powered off. If you need to use the machine in the production 
environment, you can configure it for High Availability from the Failover Cluster Management 
snap-in. 


18.4 Limiting the total number of simultaneously 
backed-up virtual machines 


The Scheduling backup option defines how many virtual machines an agent can back up 
simultaneously when executing the given backup plan. 


When multiple backup plans overlap in time, the numbers specified in their backup options are added 
up. Even though the resulting total number is programmatically limited to 10, overlapping plans can 
affect the backup performance and overload both the host and the virtual machine storage. 


You can further reduce the total number of virtual machines that an Agent for VMware or Agent for 
Hyper-V can back up simultaneously. 


To limit the total number of virtual machines that Agent for VMware (Windows) or Agent for 
Hyper-V can back up 


1. On the machine running the agent, create a new text document and open it in a text editor, such 
as Notepad. 
2. Copy and paste the following lines into the file: 


Windows Registry Editor Version 5.00 


[HKEY_LOCAL_ 

MACHINE\SOFTWARE \Acronis\MMS\Configuration\ManagedMachine\SimultaneousBackupsL 
imits] 

"MaxNumberOf Simul taneousBackups"=dword: 00000001 


3. Replace 00000001 with the hexadecimal value of the limit that you want to set. For example, 
00000001 is 1 and @0000@0A is 10. 
Save the document as limit.reg. 


Run the file as an administrator. 
Confirm that you want to edit the Windows registry. 


ph De ON 


Do the following to restart the agent: 

a. Inthe Start menu, click Run, and then type: cmd 
b. Click OK. 

c. Run the following commands: 


net stop mms 
net start mms 


To limit the total number of virtual machines that Agent for VMware (Virtual Appliance) or 
Agent for VMware (Linux) can back up 


1. On the machine running the agent, start the command shell: 
- Agent for VMware (Virtual Appliance): press CTRL+SHIFT+F2 while in the virtual appliance 
Ul. 
- Agent for VMware (Linux): log in as the root user to the machine running the Acronis Cyber 
Backup appliance. The password is the same as for the backup console. 
2. Open the file /etc/Acronis/MMS.config in a text editor, such as vi. 


3. Locate the following section: 


<key name="SimultaneousBackupsLimits"> 
<value name="MaxNumberOfSimultaneousBackups" type="Tdword">"10"</value> 
</key> 


4. Replace 10 with the decimal value of the limit that you want to set. 
Save the file. 
6. Restart the agent: 
- Agent for VMware (Virtual Appliance): execute the reboot command. 


- Agent for VMware (Linux): execute the following command: 


sudo service acronis_mms restart 


18.5 Machine migration 


You can perform machine migration by recovering its backup to a non-original machine. 


The following table summarizes the available migration options. 


Available recovery destinations 
Backed-up machine 


Hyper-V virtual 
machine 


type Physical machine ESXi virtual machine 


Physical machine 


VMware ESXi virtual 
machine 


Hyper-V virtual machine 


For instructions on how to perform migration, refer to the following sections: 


e Physical-to-virtual (P2V) - "Physical machine to virtual" 
e Virtual-to-virtual (V2V) - "Virtual machine" 


e Virtual-to-physical (V2P) - "Virtual machine" or "Recovering disks by using bootable media" 


Although it is possible to perform V2P migration in the web interface, we recommend using bootable 
media in specific cases. Sometimes, you may want to use the media for migration to ESXi or Hyper-V. 


The media enables you to do the following: 


e Perform P2V and V2P migration of a Linux machine containing logical volumes (LVM). Use Agent 
for Linux or bootable media to create the backup and bootable media to recover. 


e Provide drivers for specific hardware that is critical for the system bootability. 


18.6 Windows Azure and Amazon EC2 virtual machines 


To back up a Windows Azure or Amazon EC2 virtual machine, install a backup agent on the machine. 
The backup and recovery operations are the same as with a physical machine. Nevertheless, the 


machine is counted as virtual when you set quotas for the number of machines in a cloud 
deployment. 


The difference from a physical machine is that Windows Azure and Amazon EC2 virtual machines 
cannot be booted from bootable media. If you need to recover to a new Windows Azure or Amazon 
EC2 virtual machine, follow the procedure below. 


To recover a machine as a Windows Azure or Amazon EC2 virtual machine 


1. Create a new virtual machine from an image/template in Windows Azure or Amazon EC2. The new 
machine must have the same disk configuration as the machine that you want to recover. 

2. Install Agent for Windows or Agent for Linux on the new machine. 

3. Recover the backed-up machine as described in "Physical machine". When configuring the 
recovery, select the new machine as the target machine. 


18.6.1 Network requirements 


The agents installed on the backed-up machines must be able to communicate with the management 
server over the network. 


On-premises deployment 


e If both the agents and the management server are installed in the Azure/EC2 cloud, all machines 
are already located in the same network. No additional actions are required. 

e Ifthe management server is located outside the Azure/EC2 cloud, the machines in the cloud will 
not have network access to the local network where the management server is installed. To enable 
the agents installed on such machines to communicate with the management server, a virtual 
private network (VPN) connection between the local (on-premises) and the cloud (Azure/EC2) 
network must be created. For instructions about how to create the VPN connection, refer to the 
following articles: 

Amazon EC2: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html#vpn- 
create-cgw 

Windows Azure: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site- 
to-site-resource-manager-portal 


Cloud deployment 


In a cloud deployment, the management server is located in one of the Acronis data centers and is 
thus reachable by the agents. No additional actions are required. 


19 Protecting SAP HANA 


Protection of SAP HANA is described in a separate document available at https://d!. managed- 
protection.com/u/pdf/AcronisCyberBackup_12.5_SAP_HANA_whitepaper. pdf 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 
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20 Device groups 


Note 
This functionality is not available in the Standard edition of Acronis Cyber Backup. 


Device groups are designed for convenient management of a large number of registered devices. 


You can apply a backup plan to a group. Once a new device appears in the group, the device becomes 
protected by the plan. If a device is removed from the group, the device will no longer be protected 
by the plan. A plan that is applied to a group cannot be revoked from a member of the group, only 
from the group itself. 


Only devices of the same type can be added to a group. For example, under Hyper-V you can create 
a group of Hyper-V virtual machines. Under Machines with agents, you can create a group of 
machines with installed agents. Under All devices, you cannot create a group. 


A single device can be a member of more than one group. 


20.1 Built-in groups 
Once a device is registered, it appears in one of the built-in root groups on the Devices tab. 
Root groups cannot be edited or deleted. You cannot apply plans to root groups. 


Some of the root groups contain built-in sub-root groups. These groups cannot be edited or deleted. 
However, you can apply plans to sub-root built-in groups. 


20.2 Custom groups 


Protecting all devices in a built-in group with a single backup plan may not be satisfactory because of 
the different roles of the machines. The backed-up data is specific for each department; some data 
has to be backed up frequently, other data is backed up twice a year. Therefore, you may want to 
create various backup plans applicable to different sets of machines. In this case, consider creating 
custom groups. 


A custom group can contain one or more nested groups. Any custom group can be edited or deleted. 
There are the following types of custom groups: 


e Static groups 
Static groups contain the machines that were manually added to them. The static group content 
never changes unless you explicitly add or delete a machine. 
Example: You create a custom group for the accounting department and manually add the 
accountants’ machines to this group. Once you apply a backup plan to the group, the accountants' 
machines become protected. If a new accountant is hired, you will have to add the new machine to 
the group manually. 


e Dynamic groups 


Dynamic groups contain the machines added automatically according to the search criteria 
specified when creating a group. The dynamic group content changes automatically. A machine 
remains in the group while it meets the specified criteria. 

Example 1: The host names of the machines that belong to the accounting department contain 
the word "accounting". You specify the partial machine name as the group membership criterion 
and apply a backup plan to the group. If anew accountant is hired, the new machine will be added 
to the group as soon as it is registered, and thus will be protected automatically. 

Example 2: The accounting department forms a separate Active Directory organizational unit 
(OU). You specify the accounting OU as the group membership criterion and apply a backup plan 
to the group. If a new accountant is hired, the new machine will be added to the group as soon as it 
is registered and added to the OU (regardless of which comes first), and thus will be protected 
automatically. 


20.3 Creating a static group 


1. 


Click Devices, and then select the built-in group which contains the devices for which you want to 
create a Static group. 


Click the gear icon next to the group in which you want to create a group. 


3. Click New group. 


Specify the group name, and then click OK. 


The new group appears in the groups tree. 


20.4 Adding devices to static groups 


4, 


Click Devices, and then select one or more devices that you want to add to a group. 
Click Add to group. 

The software displays a tree of groups to which the selected device can be added. 

If you want to create a new group, do the following. Otherwise, skip this step. 

a. Select the group in which you want to create a group. 

b. Click New group. 

c. Specify the group name, and then click OK. 

Select the group to which you want to add the device, and then click Done. 


Another way to add devices to a static group is to select the group and click Add devices. 


20.5 Creating a dynamic group 


i 


Click Devices, and then select the group which contains the devices for which you want to create 
a dynamic group. 


Note 
You cannot create dynamic groups for the All devices group. 


2. Search for devices by using the search field. You can use multiple search criteria and operators 
described below. 


3. Click Save as next to the search field. 


Note 
Some search criteria are not supported for group creation. See the table in section Search criteria 
below. 


4. Specify the group name, and then click OK. 


20.5.1 Search criteria 


The following table summarizes the available search criteria. 


Criterion Meaning Search query examples Supported 


for group 
name Host name for physical name = 'en-00' 
machines 
Name for virtual machines 
Database name 
Email address for 
mailboxes 


creation 
comment Comment for a device. comment = ‘important machine' 


Default value: comment = '' (all machines without 


: , a comment) 
For physical machines 


running Windows, the 
computer description 


taken from the computer 


properties in Windows. 


e Empty for other devices. 


To view the comment, under 
Devices, select the device, 
click Details, and then locate 
the Comment section. 


To add or change the 
comment, click Add or Edit. 


ip IP address (only for physical ip RANGE 
machines) ('10.250.176.1','10.250.176.50') 


RAM size in megabytes (MiB) | memorySize < 1024 
Virtual machine with an agent | insideVm = true 


inside. 


Possible values: 


Operating system name. osName LIKE '%Windows XP%' 


osType Operating system type. osType IN ('linux', 'macosx' ) 
Possible values: 
e 'windows' 
e 'lLinux' 
e 'macosx' 


osProductType The operating system osProductType = 'server' 
product type. 


Possible values: 


ode" 
Stands for Domain 
Controller. 
Note When the domain 
controller role is assigned 
on a Windows server, the 
osProductType changes 
from "server" to "dc". Such 
machines will be not 
included in search results 
for filter 
"osProductType='server'. 

e 'server' 


e 'workstation' 


The name of the unit to which | tenant = 'Unit 1' 


the device belongs. 


tenantId The identifier of the unit to tenantId = '3bfe6ca9-9c6a-4953- 
which device belongs. 9cb2-a1323f454fc9' 


To get the unit ID, under 
Devices, select the device, 
click Details > All 
properties. The ID is shown 
in the ownerld field. 


Device state. state = 'backup' 


Possible values: 


protectedByPlan 


okByPlan 


errorByPlan 


warningByPlan 


runningByPlan 


interactionByPlan 


‘idle' 
‘interactionRequired' 
"canceling' 
"backup' 

' recover ' 
'install' 

' reboot ' 
'failback' 
'testReplica' 
'run_from_image ' 
'finalize' 
'failover' 
'replicate' 
'createAsz' 
'deleteAsz' 


'resizeAsz' 


Devices that are protected by 
a backup plan with a given ID. 


To get the plan ID, click Plans 
> Backup, select the plan, 
click on the diagram in the 
Status column, and then click 
on a status. A new search 
with the plan ID will be 
created. 


Devices that are protected by 
a backup plan with a given ID 
and have an OK status. 


Devices that are protected by 
a backup plan with a given ID 
and have an Error status. 


Devices that are protected by 
a backup plan with a given ID 
and have a Warning status. 


Devices that are protected by 
a backup plan with a given ID 


and have a Running status. 


Devices that are protected by 
a backup plan with a given ID 
and have an Interaction 
Required status. 


protectedByPlan = '4B2A7A93-A44F- 


4155-BDE3-A023C57C9431 ' 


okByPlan = '4B2A7A93-A44F-4155- 
BDE3-AQ23C57C9431' 


errorByPlan = '4B2A7A93-A44F- 
4155-BDE3-AQ23C57C9431' 


warningByPlan = '4B2A7A93-A44F - 
4155-BDE3-A@23C57C9431' 


runningByPlan = '4B2A7A93-A44F - 
4155-BDE3-A@23C57C9431' 


interactionByPlan = '4B2A7A93- 
A44F -4155-BDE3-AQ23C57C9431 ' 


lastBackupTime 


lastBackupTryTime 


nextBackupTime 


agentVersion 


resourcelype 


Machines that belong to the 
specified Active Directory 
organizational unit. 


Device ID. 


To get the device ID, under 
Devices, select the device, 
click Details > All 
properties. The ID is shown 
in the id field. 


The date and time of the last 
successful backup. 


The formatis 'YYYY-MM-DD 
HH:MM'. 


The time of the last backup 
attempt. 


The format is 'YYYY-MM-DD 
HH:MM'. 


The time of the next backup. 


The format is 'YYYY-MM-DD 
HH:MM'. 


Version of the installed 
backup agent. 


Internal ID of the backup 
agent. 


To get the backup agent ID, 
under Devices, select the 
machine, click Details > All 
properties. Use the "id" 


value of the agent property. 


Resource type. 
Possible values: 


'machine' 
'virtual_machine. vmwesx' 
'virtual_ 
machine.mshyperv' 
"virtual_machine. rhev' 
'virtual_machine.kvm' 


"virtual_machine. xen' 


ou IN ('RnD', 'Computers') 


id != '4B2A7A93-A44F -4155-BDE3- 
AQ23C57C9431' 


lastBackupTime > '2016-@3-11' 


lastBackupTime <= '2016-@3-11 
00:15' 


lastBackupī 


lastBackupTryTime >= '2016-03-11' 


nextBackupTime >= '2016-@3-11' 


agentVersion LIKE 


hostId = '4B2A7A93-A44F-4155- 
BDE3-AQ23C57C9431' 


resourceType = 'machine' 


resourceType in ('mssql_aag_ 


database', 'mssql_database' ) 


Note 

If you skip the hour and minutes value, the start time is considered to be YYYY-MM-DD 00:00, and 
the end time is considered to be YYYY-MM-DD 23:59:59. For example, lastBackupTime = 2020-02- 
20, means that the search results will include all backups from the interval 

lastBackupTime >= 2020-02-20 00:00 and lastBackup time <= 2020-02-20 23:59:59 


20.5.2 Operators 


The following table summarizes the available operators. 


enw [in [ms 


AND Logical conjunction operator. name like 'en-@@' AND tenant = 
"Unit 1' 


Logical disjunction operator. state = 'backup' OR state = 
‘interactionRequired' 


Logical negation operator. NOTCosProductType = 'workstation') 


LIKE ‘wildcard This operator is used to test if an expression name LIKE 'en-00' 


pattern’ matches the wildcard pattern. This operator is 
name LIKE '*en-QQ' 


case-insensitive. 


i ; name LIKE '*xen-QQx' 
The following wildcard operators can be used: 


; ; name LIKE 'en-00_' 
e *or % The asterisk and the percent sign 


represent zero, one, or multiple characters 
e _The underscore represents a single 
character 


IN (<value1>,... | This operator is used to test if an expression osType IN ('windows', 'linux') 


<valueN>) matches any value ina list of values. This 
operator is case-sensitive. 


RANGE (<starting_ | This operator is used to test if anexpressionis | ip RANGE 
value>, <ending_ | within a range of values (inclusive). ('10.250.176.1','10.250.176.50') 


value>) 


20.6 Applying a backup plan to a group 


1. Click Devices, and then select the built-in group that contains the group to which you want to 
apply a backup plan. 
The software displays the list of child groups. 

2. Select the group to which you want to apply a backup plan. 

3. Click Group backup. 
The software displays the list of backup plans that can be applied to the group. 


4. Do one of the following: 


e Expand an existing backup plan, and then click Apply. 


e Click Create new, and then create a new backup plan as described in "Backup". 


21 Monitoring and reporting 


Note 
In cloud deployments, some of the features described in this section might not be available or might 
be different. 


The Dashboard section enables you to monitor the current state of your backup infrastructure. The 
Reports section enables you to generate on-demand and scheduled reports about the backup 
infrastructure. The Reports section is available only with an Advanced license. 


The Dashboard and Reports sections appear under the Overview tab only if the Monitoring 
Service component was installed with the management server (it is installed by default). 


21.1 Dashboard 


The Dashboard provides a number of customizable widgets that give an overview of your backup 
infrastructure. The widgets are updated in real time. You can choose from more than 20 widgets, 
presented as pie charts, tables, graphs, bar charts, and lists. 


The following widgets are displayed by default: 


- Protection status. Shows protection statuses for the selected device group. 

e Storage. Shows total, free, and occupied space for the selected backup location. 

- Monthly storage usage. Shows the monthly space usage trend for the selected backup location. 
e Activities. Shows results of activities for the last seven days. 

- Not protected. Shows devices without backup plans. 


e Active alerts. Shows the five most recent active alerts. 
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Result Plan name Activity type Activity name Started by Start time Duration be] 


Oox Backup plan 1 Backup plans Backup plan 'Backup plan.. WIN-2A1NUKBHD7U\Ad.. 10:10 AM 


n/a Oox Infrastructure Refreshing recovery points Backup service 09:59 AM a few seconds 


Widgets have clickable elements that enable you to investigate and troubleshoot issues. 


You can download the current state of the dashboard in the .pdf or .xlsx format, or send it via email. 
To send the dashboard via email, ensure that the Email server settings are configured. 
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21.2 Reports 


Note 
This functionality is available only with the Acronis Cyber Backup Advanced license. 


A report can include any set of the dashboard widgets. You can use predefined reports or create a 
custom report. 


The reports can be sent via email or downloaded on a schedule. To send the reports via email, ensure 
that the Email server settings are configured. 


If you want to process a report by using third-party software, schedule saving the report in the .xlsx 
format to a specific folder. 
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Basic operations with reports 


Click Overview > Reports, select a report, and then do one of the following: 


e To view a report, click Open. 

e To send the report via email, click Send now, specify the email addresses, select the report format, 
and then click Send. 

e To download the report, click Download. 


Scheduling a report 


1. Select a report, and then click Schedule. 

2. Enable the Send a scheduled report switch. 

3. Select whether to send the report via email, save it to a folder, or both. Depending on your choice, 
specify the email addresses, the folder path, or both. 

4. Select the report format: .pdf, .xlsx, or both. 
Select the reporting period: 1 day, 7 days, or 30 days. 


366 © Acronis International GmbH, 2003-2021 


6. Select the days and the time when the report will be sent or saved. 
7. Click Save. 


Exporting and importing the report structure 


You can export and import the report structure (the set of widgets and the schedule settings) to a 
.json file. This may be useful in case of the management server re-installation or for copying the 
report structure to a different management server. 


To export the report structure, select a report, and then click Export. 


To import the report structure, click Create report, and then click Import. 


Dumping the report data 


You can save a dump of the report data to a .csv file. The dump includes all of the report data 
(without filtering) for a custom time range. 


The software generates the data dump on the fly. If you specify a long period of time, this action may 
take a long time. 


To dump the report data 


Select a report, and then click Open. 
Click the vertical ellipsis icon in the top-right corner, and then click Dump data. 
In Location, specify the folder path for the .csv file. 


In Time range, specify the time range. 
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Click Save. 


21.3 Configuring the severity of alerts 


An alert is a message that warns about actual or potential problems. You can use the alerts in various 
ways: 


e The Alerts section of the Overview tab lets you quickly identify and solve the problems by 


monitoring the current alerts. 


e Under Devices, the device status is derived from alerts. The Status column enables you to filter 
devices with problems. 


e When configuring email notifications, you can choose which alerts will trigger a notification. 
An alert can have one of the following severities: 


e Critical 
e Error 


e Warning 


You can change the severity of an alert or disable an alert completely by using the alerts configuration 
file as described below. This operation requires restarting the management server. 


Changing the severity of an alert does not affect already generated alerts. 


21.3.1 Alerts configuration file 
The configuration file is located on the machine running the management server. 


e In Windows: <installation_path>\AlertManager\alert_manager.yaml 
Here, <installation_path> isthe management server installation path. By default, it is 
%ProgramFiles%\Acronis . 

e In Linux: /usr/lib/Acronis/AlertManager/alert_manager.yaml 


The file is structured as a YAML document. Each alert is an element in the alertTypes list. 
The name key identifies the alert. 


The severity key defines the alert severity. It must have one of the following values: critical, 


error, Or warning. 


The optional enabled key defines whether the alert is enabled or disabled. Its value must be either 
true or false. By default (without this key) all alerts are enabled. 


To change the severity of an alert or disable an alert 


1. On the machine where the management server is installed, open the alert_manager.yaml file in 
atext editor. 

2. Locate the alert that you want to change or disable. 

3. Do one of the following: 
e Tochange the alert severity, change the value of the severity key. 
e To disable the alert, add the enabled key, and then set its value to false. 

4. Save the file. 

5. Restart the management server service as described below. 


To restart the management server service in Windows 


1. Inthe Start menu, click Run, and then type: cmd 
2. Click OK. 
3. Run the following commands: 


net stop acrmngsrv 
net start acrmngsrv 


To restart the management server service in Linux 


1. Open Terminal. 
2. Run the following command in any directory: 


sudo service acronis_ams restart 


22 Advanced storage options 


Note 
This functionality is available only with the Acronis Cyber Backup Advanced license. 


22.1 Tape devices 


The following sections describe in detail how to use tape devices for storing backups. 


22.1.1 What is a tape device? 
A tape device is a generic term that means a tape library or a stand-alone tape drive. 
A tape library (robotic library) is a high-capacity storage device that contains: 


e one or more tape drives 

e multiple (up to several thousand) slots to hold tapes 

e one or more changers (robotic mechanisms) intended to move the tapes between the slots and 
the tape drives. 


It may also contain other components such as barcode readers or barcode printers. 


An autoloader is a particular case of tape libraries. It contains one drive, several slots, a changer and 
a barcode reader (optional). 


A stand-alone tape drive (also called streamer) contains one slot and can hold only one tape at a 
time. 


22.1.2 Overview of tape support 


Backup agents can back up data to a tape device directly or through a storage node. In either case, 
fully automatic operation of the tape device is ensured. When a tape device with several drives is 
attached to a storage node, multiple agents can simultaneously back up to tapes. 


Compatibility with RSM and third-party software 


Coexistence with third-party software 


It is not possible to work with tapes on a machine where third-party software with proprietary tape 
management tools is installed. To use tapes on such a machine, you need to uninstall or deactivate 
the third-party tape management software. 


Interaction with Windows Removable Storage Manager (RSM) 


Backup agents and storage nodes do not use RSM. When detecting a tape device, they disable the 
device from RSM (unless it is being used by other software). As long as you want to work with the 


tape device, make sure that neither a user nor third-party software enables the device in RSM. If the 
tape device was enabled in RSM, repeat the tape device detection. 


Supported hardware 


Acronis Cyber Backup supports external SCSI devices. These are devices connected to Fibre Channel 
or using the SCSI, iSCSI, Serial Attached SCSI (SAS) interfaces. Also, Acronis Cyber Backup supports 
USB-connected tape devices. 


In Windows, Acronis Cyber Backup can back up to a tape device even if the drivers for the device's 
changer are not installed. Such a tape device is shown in Device Manager as Unknown Medium 
Changer. However, drivers for the device's drives must be installed. In Linux and under bootable 
media, backing up to a tape device without drivers is not possible. 


Recognition of IDE or SATA connected devices is not guaranteed. It depends on whether proper 
drivers have been installed in the operating system. 


To learn if your specific device is supported, use the Hardware Compatibility Tool as described at 
http://kb.acronis.com/content/57237. You are welcome to send a report about the test results to 
Acronis. Hardware with confirmed support is listed in the Hardware Compatibility List: 
https://go.acronis.com/acronis-cyber-backup-advanced-tape-hcl. 


Tape management database 


The information about all tape devices attached to a machine is stored in the tape management 
database. The default database path is as follows: 


e In Windows XP/Server 2003: %ALLUSERSPROFILE%\Application 
Data\Acronis\BackupAndRecovery\ARSM\Database. 

e In Windows Vista and later versions of Windows: 
%PROGRAMDATA%\Acronis\BackupAndRecovery\ARSM\ Database. 

e In Linux: /var/lib/Acronis/BackupAndRecovery/ARSM/Database. 


The database size depends on the number of backups stored on tapes and equals approximately 
10 MB per hundred backups. The database may be large if the tape library contains thousands of 
backups. In this case, you may want to store the tape database on a different volume. 


To relocate the database in Windows: 


1. Stop the Removable Storage Management service. 

2. Move all files from the default location to the new location. 

3. Find the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\ARSM\Settings. 
4 


. Specify the new location path in the registry value ArsmDmIDbProtocol. The string may contain 
up to 32765 characters. 


5. Start the Removable Storage Management service. 


To relocate the database in Linux: 


Stop the acronis_rsm service. 

Move all files from the default location to the new location. 

Open the configuration file /etc/Acronis/ARSM.config in a text editor. 
Locate the line <value name="ArsmDm1DbProtocol" type="TString">. 
Change the path under this line. 

Save the file. 
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Start the acronis_rsm service. 


Parameters for writing to tapes 


The tape writing parameters (block size and cache size) allow you to fine-tune the software to achieve 
the maximum performance. Both parameters are required for writing to tapes, but normally you only 
need to adjust the block size. The optimal value depends on the tape device type and on the data 
being backed up, such as the number of files and their size. 


Note 
When the software reads from a tape, it uses the same block size that was used when writing to the 
tape. If the tape device does not support this block size, the reading will fail. 


The parameters are set on each machine that has a tape device attached. It can be a machine where 
an agent or a storage node is installed. On a machine running Windows, the configuration is 
performed in the registry; on a Linux machine, it is done in the configuration file 
/etc/Acronis/BackupAndRecovery.config. 


In Windows, create the respective registry keys and their DWORD values. In Linux, add the following 
text at the end of the configuration file, right before the </registry> tag: 


<key name="TapeLocation"> 
<value name="WriteCacheSize" type="Dword"> 
"value" 
</value> 
<value name=DefaultBlockSize" type="Dword"> 
"value" 
</value> 
</key> 


DefaultBlockSize 


This is the block size (in bytes) used when writing to tapes. 


Possible values: 0, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 131072, 
262144, 524288, 1048576. 


If the value is O or if the parameter is absent, the block size is determined as follows: 


e In Windows, the value is taken from the tape device driver. 
e In Linux, the value is 64 KB. 


Registry key (on a machine running Windows):HKEY_LOCAL_ 
MACHINE\SOFTWARE\Acronis\BackupAndRecovery\TapeLocation\DefaultBlockSize 


Line in /etc/Acronis/BackupAndRecovery.config (on a machine running Linux): 


<value name=DefaultBlockSize" type="Dword"> 
"value" 
</value> 


If the specified value is not accepted by the tape drive, the software divides it by two until the 
applicable value is reached or until the value reaches 32 bytes. If the applicable value is not found, the 
software multiplies the specified value by two until the applicable value is reached or until the value 
reaches 1 MB. If no value is accepted by the drive, the backup will fail. 


WriteCacheSize 


This is the buffer size (in bytes) used when writing to tapes. 


Possible values: 0, 32, 64, 128, 256, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536, 131072, 
262144, 524288, 1048576, but not less than the DefaultBlockSize parameter value. 


If the value is 0 or if the parameter is absent, the buffer size is 1 MB. If the operating system does not 
support this value, the software divides it by two until the applicable value is found or until the 
DefaultBlockSize parameter value is reached. If the value supported by the operating system is not 
found, the backup fails. 


Registry key (on a machine running Windows): 
HKEY_LOCAL_ 
MACHINE\SOFTWARE\Acronis\BackupAndRecovery\TapeLocation\WriteCacheSize 


Line in /etc/Acronis/BackupAndRecovery.config (on a machine running Linux): 


<value name="WriteCacheSize" type="Dword"> 
"value" 
</value> 


If you specify a non-zero value that is not supported by the operating system, the backup will fail. 


Tape-related backup options 
You can configure the Tape management backup options to determine: 


e Whether to enable file recovery from disk-level backups stored on tapes. 

e Whether to return tapes back to slots after backup plan completion. 

e Whether to eject tapes after backup completion. 

e Whether to use a free tape for each full backup. 

e Whether to overwrite a tape when creating a full backup (for stand-alone tape drives only). 


e Whether to use tape sets to differentiate tapes used, for example, for backups created on different 
days of week or for backups of different machine types. 


Parallel operations 


Acronis Cyber Backup can simultaneously perform operations with various components of a tape 
device. During an operation that uses a drive (backing up, recovering, rescanning, or erasing), you can 
launch an operation that uses a changer (moving a tape to another slot or ejecting a tape) and vice 
versa. If your tape library has more than one drive, you can also launch an operation that uses one of 
the drives during an operation with another drive. For example, several machines can back up or 
recover simultaneously using different drives of the same tape library. 


The operation of detecting the new tape devices can be performed simultaneously with any other 
operation. During inventorying, no other operation is available except for detecting the new tape 
devices. 


Operations that cannot be performed in parallel are queued. 


Limitations 
The limitations of tape device usage are the following: 


1. Tape devices are not supported when a machine is booted from 32-bit Linux-based bootable 
media. 
2. You cannot back up the following data types to tapes: Microsoft Office 365 mailboxes, Microsoft 
Exchange mailboxes. 
You cannot create application-aware backups of physical and virtual machines. 
4. In macOS, only file-level backup to a managed tape-based location is supported. 
5. The consolidation of backups located on tapes is not possible. As a result, the Always 
incremental backup scheme is unavailable when you back up to tapes. 
6. The deduplication of backups located on tapes is not possible. 
7. The software cannot automatically overwrite a tape that contains at least one non-deleted backup 
or if there are dependent backups on other tapes. 
8. You cannot recover under an operating system from a backup stored on tapes if the recovery 
requires the operating system reboot. Use bootable media to perform such recovery. 
9. You can validate any backup stored on tapes, but you cannot select for validation an entire tape- 
based location or tape device. 
10. Amanaged tape-based location cannot be protected with encryption. Encrypt your backups 
instead. 
11. The software cannot simultaneously write one backup to multiple tapes or multiple backups 
through the same drive to the same tape. 
12. Devices that use the Network Data Management Protocol (NDMP) are not supported. 
13. Barcode printers are not supported. 


14. Linear Tape File System (LTFS) formatted tapes are not supported. 


Readability of tapes written by older Acronis products 


The following table summarizes the readability of tapes written by Acronis True Image Echo, Acronis 
True Image 9.1, Acronis Backup & Recovery 10 and Acronis Backup & Recovery 11 product families in 
Acronis Cyber Backup. The table also illustrates the compatibility of tapes written by various 
components of Acronis Cyber Backup. 


It is possible to append incremental and differential backups to rescanned backups that were created 
by Acronis Backup 11.5 and Acronis Backup 11.7. 
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22.1.3 Getting started with a tape device 


Backing up a machine to a locally attached tape device 


Prerequisites 


e The tape device is attached to the machine in accordance with the manufacturer's instructions. 


e The backup agent is installed on the machine. 


Before backing up 


Load tapes to the tape device. 
Log in to the backup console. 
In Settings > Tape management, expand the machine node, and then click Tape devices. 


Ensure that the attached tape device is displayed. If it is not, click Detect devices. 
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Perform the tape inventory: 

a. Click the tape device name. 

b. Click Inventory to detect the loaded tapes. Keep Full inventory turned on. Do not turn on 
Move unrecognized or imported tapes to the 'Free tapes' pool. Click Start 
inventorying now. 

Result. The loaded tapes have been moved to proper pools as specified in the "Inventorying" 
section. 


Note 
Full inventorying of an entire tape device may take a long time. 


c. If the loaded tapes were sent to the Unrecognized tapes or Imported tapes pool and you 
want to use them for backing up, move such tapes to the Free tapes pool manually. 


Note 
Tapes sent to the Imported tapes pool contain backups written by Acronis software . Before 
moving such tapes to the Free tapes pool, ensure that you do not need these backups. 


Backing up 


Create a backup plan as described in the "Backup" section. When specifying the backup location, 
select Tape pool ‘Acronis’. 


Results 


e To access the location where backups will be created, click Backups > Tape pool ‘Acronis’. 


e Tapes with the backups will be moved to the Acronis pool. 
Backing up to a tape device attached to a storage node 


Prerequisites 


e Astorage node is registered on the management server. 
e The tape device is attached to the storage node in accordance with the manufacturer's 
instructions. 


Before backing up 


1. Load tapes to the tape device. 

2. Login to the backup console. 

3. Click Settings > Tape management, expand the node with the storage node name, and then 
click Tape devices. 

4. Ensure that the attached tape device is displayed. If it is not, click Detect devices. 

Perform the tape inventory: 

a. Click the tape device name. 

b. Click Inventory to detect the loaded tapes. Keep Full inventory turned on. Do not turn on 
Move unrecognized or imported tapes pools to the ‘Free tapes’ pool. Click Start 
inventorying now. 

Result. The loaded tapes have been moved to proper pools as specified in the "Inventorying" 
section. 


Note 
Full inventorying of an entire tape device may take a long time. 


c. If the loaded tapes were sent to the Unrecognized tapes or Imported tapes pool and you 
want to use them for backing up, move such tapes to the Free tapes pool manually. 


Note 
Tapes sent to the Imported tapes pool contain backups written by Acronis software . Before 
moving such tapes to the Free tapes pool, ensure that you do not need these backups. 


d. Decide whether you want to back up to the Acronis pool or to create a new pool. 


Details. Having several pools enables you to use a separate tape set for each machine or each 
department of your company. By using multiple pools, you can prevent backups created via 
different backup plans from mixing up on one tape. 

e. If the selected pool can take tapes from the Free tapes pool when required, skip this step. 
Otherwise, move tapes from the Free tapes pool to the selected pool. 
Tip. To learn whether a pool can take tapes from the Free tapes pool, click the pool and then 
click Info. 


Backing up 


Create a backup plan as described in the "Backup" section. When specifying the backup location, 


select the created tape pool. 


Results 


To access the location where backups will be created, click Backups, and then click the name of the 
created tape pool. 
Tapes with the backups will be moved to the selected pool. 


Tips for further usage of the tape library 


You do not need to perform full inventorying each time you load a new tape. To save time, follow 
the procedure described in the "Inventorying" section under "Combination of fast and full 
inventorying". 

You can create other pools on the same tape library and select any of them as a destination for 
backups. 


Recovering under an operating system from a tape device 


To recover under an operating system from a tape device: 
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Log in to the backup console. 

Click Devices, and then select the backed-up machine. 

Click Recovery. 

Select a recovery point. Note that recovery points are filtered by location. 

The software shows you the list of tapes required for the recovery. The missing tapes are grayed 
out. If your tape device has empty slots, load these tapes into the device. 

Configure other recovery settings. 

Click Start recovery to start the recovery operation. 

If any of the required tapes are not loaded for some reason, the software will show you a message 
with the identifier of the needed tape. Do the following: 

a. Load the tape. 

b. Perform the fast inventorying. 

c. Click Overview > Activities, and then click the recovery activity with the Interaction 


d. 


required status. 


Click Show details, and then click Retry to continue the recovery. 


What if I do not see backups stored on tapes? 


It may mean that the database with the contents of tapes is lost or corrupted for some reason. 


To restore the database, do the following: 
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Perform the fast inventorying. 


Warning! 
During the inventorying, do not turn on Move unrecognized and imported tapes to the 
‘Free tapes' pool. If the switch is turned on, you may lose all your backups. 


Rescan the Unrecognized tapes pool. As a result, you will get the contents of the loaded tape(s). 
If any of the detected backups continue on other tapes that have not been rescanned yet, load 
these tapes as prompted and rescan them. 


Recovering under bootable media from a locally attached tape device 


To recover under bootable media from a locally attached tape device: 
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3. 


Load the tape(s) required for the recovery into the tape device. 

Boot the machine from the bootable media. 

Click Manage this machine locally or click Rescue Bootable Media twice, depending on the 
media type you are using. 

If the tape device is connected by using the iSCSI interface, configure the device as described in 
"Configuring iSCSI and NDAS devices". 

Click Tape management. 

Click Inventory. 

In Objects to be inventoried, select the tape device. 

Click Start to start the inventorying. 

After the inventorying completes, click Close. 

Click Actions > Recover. 

Click Select data, and then click Browse. 

Expand Tape devices, and then select the necessary device. The system prompts to confirm the 
rescanning. Click Yes. 


. Select the Unrecognized tapes pool. 


Select the tapes to be rescanned. To select all the tapes of the pool, select the check box next to 
the Tape name column header. 

If the tapes contain a password-protected backup, select the corresponding check box, and then 
specify the password for the backup in the Password box. If you do not specify a password, or 
the password is incorrect, the backup will not be detected. Please keep this in mind in case you see 
no backups after the rescanning. 


Tip. If the tapes contain several backups protected by various passwords, you need to repeat the 
rescanning several times specifying each password in turn. 

16. Click Start to start the rescanning. As a result, you will get the contents of the loaded tape(s). 

17. If any of the detected backups continue on other tapes that have not been rescanned yet, load 
these tapes as prompted and rescan them. 

18. After the rescanning completes, click OK. 

19. Inthe Archive view, select the backup whose data is to be recovered, and then select the data 
you want to recover. After you click OK, the Recover data page will show you the list of tapes 
required for the recovery. The missing tapes are grayed out. If your tape device has empty slots, 
load these tapes into the device. 

20. Configure other recovery settings. 

21. Click OK to start the recovery. 

22. If any of the required tapes are not loaded for some reason, the software will show you a message 
with the identifier of the needed tape. Do the following: 

a. Load the tape. 

b. Perform the fast inventorying. 

c. Click Overview > Activities, and then click the recovery activity with the Interaction 
required status. 

d. Click Show details, and then click Retry to continue the recovery. 


Recovering under bootable media from a tape device attached to a storage 
node 
To recover under bootable media from a tape device attached to a storage node: 


1. Load the tape(s) required for the recovery into the tape device. 

2. Boot the machine from the bootable media. 

3. Click Manage this machine locally or click Rescue Bootable Media twice, depending on the 
media type you are using. 

4. Click Recover. 

Click Select data, and then click Browse. 

6. Inthe Path box, typebsp://<storage node address>/<pool name>/, where <storage node 
address> is the IP address of the storage node that contains the required backup, and <pool 
name> is the name of the tape pool. Click OK and specify credentials for the pool. 

7. Select the backup, and then select the data you want to recover. After you click OK, the Recover 
data page will show you the list of tapes required for the recovery. The missing tapes are grayed 
out. If your tape device has empty slots, load these tapes into the device. 

Configure other recovery settings. 
Click OK to start the recovery. 

10. If any of the required tapes are not loaded for some reason, the software will show you a message 
with the identifier of the needed tape. Do the following: 


Load the tape. 
Perform the fast inventorying. 


c. Click Overview > Activities, and then click the recovery activity with the Interaction 
required status. 


d. Click Show details, and then click Retry to continue the recovery. 
22.1.4 Tape management 


Detecting tape devices 


When detecting tape devices, the backup software finds tape devices attached to the machine and 
places information about them in the tape management database. Detected tape devices are 
disabled from RSM. 


Usually, a tape device is detected automatically as soon as it is attached to a machine with the 
product installed. However you may need to detect tapes devices in the following cases: 


e After you have attached or re-attached a tape device. 


e After you have installed or reinstalled the backup software on the machine to which a tape device 
is attached. 


To detect the tape devices 


1. Click Settings > Tape management. 
2. Select the machine to which the tape device is attached. 


3. Click Detect devices. You will see the connected tape devices, their drives and slots. 


Tape pools 


The backup software uses tape pools that are logical groups of tapes. The software contains the 
following predefined tape pools: Unrecognized tapes, Imported tapes, Free tapes, and Acronis. 
Also, you can create your own custom pools. 


The Acronis pool and custom pools are also used as backup locations. 


Predefined pools 


Unrecognized tapes 


The pool contains tapes that were written by third-party applications. To write to such tapes, you 
need to move them to the Free tapes pool explicitly. You cannot move tapes from this pool to any 
other pool, except for the Free tapes pool. 


Imported tapes 


The pool contains tapes that were written by Acronis Cyber Backup in a tape device attached to 
another storage node or agent. To write to such tapes, you need to move them to the Free tapes 
pool explicitly. You cannot move tapes from this pool to any other pool, except for the Free tapes 
pool. 


Free tapes 
The pool contains free (empty) tapes. You can manually move tapes to this pool from other pools. 


When you move a tape to the Free tapes pool, the software marks it as empty. If the tape contains 
backups, they are marked with the if icon. When the software starts overwriting the tape, the data 
related to the backups will be removed from the database. 


Acronis 


The pool is used for backing up by default, when you do not want to create your own pools. Usually it 
applies to one tape drive with a small number of tapes. 


Custom pools 


You need to create several pools if you want to separate backups of different data. For example, you 
may want to create custom pools in order to separate: 


e backups from different departments of your company 
e backups from different machines 


e backups of system volumes and users' data. 
Operations with pools 


Creating a pool 


To create a pool: 


1. Click Settings > Tape management. 

2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 
Click Create pool. 

4. Specify the pool name. 
[Optional] Clear the Take tapes from the 'Free tapes’ pool automatically... check box. If 
cleared, only tapes that are included into the new pool at a certain moment will be used for 
backing up. 

6. Click Create. 


Editing a pool 
You can edit parameters of the Acronis pool or your own custom pool. 
To edit a pool: 


1. Click Settings > Tape management. 
2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 


3. Select the required pool, and then click Edit pool. 


4. You can change the pool name or settings. For more information about pool settings, see the 
"Creating a pool" section. 


5. Click Save to save the changes. 


Deleting a pool 


You can delete only custom pools. Predefined tape pools (Unrecognized tapes, Imported tapes, 
Free tapes, and Acronis) cannot be deleted. 


Note 
After a pool is deleted, do not forget to edit backup plans that have the pool as the backup location. 
Otherwise, these backup plans will fail. 


To delete a pool: 


1. Click Settings > Tape management. 
2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 
Select the required pool and click Delete. 
Select the pool to which the tapes of the pool being deleted will be moved after the deletion. 
Click OK to delete the pool. 


Operations with tapes 


Moving to another slot 
Use this operation in the following situations: 


e You need to take several tapes out of a tape device simultaneously. 
e Your tape device does not have a mail slot and the tapes to be taken out are located in slots of 
non-detachable magazine(s). 


You need to move tapes to slots of one slot magazine and then take the magazine out manually. 
To move a tape to another slot: 


1. Click Settings > Tape management. 

2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 

Click the pool that contains the necessary tape, and then select the required tape. 

Click Move to slot. 


Select a new slot to move the selected tape to. 
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Click Move to start the operation. 


Moving to another pool 


The operation allows you to move one or several tapes from one pool to another. 


When you move a tape to the Free tapes pool, the software marks it as empty. If the tape contains 


backups, they are marked with the icon. When the software starts overwriting the tape, the data 
related to the backups will be removed from the database. 


Notes about specific types of tape 


e You cannot move write-protected and once-recorded WORM (Write-Once-Read-Many) tapes to the 
Free tapes pool. 


e Cleaning tapes are always displayed in the Unrecognized tapes pool; you cannot move them to 
any other pool. 


To move tapes to another pool: 


1. Click Settings > Tape management. 


2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 
Click the pool that contains the necessary tapes, and then select the required tapes. 

4. Click Move to pool. 
[Optional] Click Create new pool if you want to create another pool for the selected tapes. 
Perform actions described in the "Creating a pool" section. 
Select the pool to move the tapes to. 


Click Move to save the changes. 


Inventorying 


The inventorying operation detects tapes loaded into a tape device and assigns names to those that 
have none. 


Inventorying methods 
There are two methods of inventorying. 
Fast inventorying 


The agent or storage node scans tapes for barcodes. Using barcodes, the software can quickly return 
a tape to the pool where it was before. 


Select this method to recognize tapes used by the same tape device attached to the same machine. 
Other tapes will be sent to the Unrecognized tapes pool. 


If your tape library contains no barcode reader, all tapes will be sent to the Unrecognized tapes 
pool. To recognize your tapes, perform full inventorying or combine fast and full inventorying as 
described later in this section. 


Full inventorying 


The agent or storage node reads earlier written tags and analyzes other information about the 
contents of the loaded tapes. Select this method to recognize empty tapes and tapes written by the 
same software on any tape device and any machine. 


The following table shows pools to which tapes are sent as a result of the full inventorying. 


where the tape was before 


Agent or Storage Node Unrecognized tapes 


The fast inventorying can be applied to entire tape devices. The full inventorying can be applied to 
entire tape devices, individual drives, or slots. For stand-alone tape drives, the full inventorying is 
always performed, even if the fast inventorying is selected. 


Combination of fast and full inventorying 


Full inventorying of an entire tape device may take a long time. If you need to inventory only a few 
tapes, proceed as follows: 


1. Perform the fast inventorying of the tape device. 


2. Click the Unrecognized tapes pool. Find the tapes you want to inventory and note which slots 
they occupy. 


3. Perform the full inventorying of these slots. 


What to do after inventorying 


If you want to back up to tapes that were placed in the Unrecognized tapes or Imported tapes 
pool, move them to the Free tapes pool, and then to the Acronis pool or a custom pool. If the pool 
to which you want to back up is replenishable, you may leave the tapes in the Free tapes pool. 


If you want to recover from a tape that was placed in the Unrecognized tapes or Imported tapes 
pool, you need to rescan it. The tape will be moved to the pool you have selected during the 
rescanning, and the backups stored on the tape will appear in the location. 


Sequence of actions 


1. Click Settings > Tape management. 

2. Select the machine to which the tape device is attached, and then select the tape device that you 
want to inventory. 
Click Inventory. 

4. [Optional] To select the fast inventorying, turn off Full inventory. 


[Optional] Turn on Move unrecognized and imported tapes to the 'Free tapes’ pool. 


Warning! 
Only enable this switch if you are absolutely sure that the data stored on your tapes can be 
overwritten. 


6. Click Start inventorying now to start inventory. 


Rescanning 


The information about the contents of tapes is stored in a dedicated database. The rescanning 
operation reads the contents of tapes and updates the database if the information in it mismatches 
the data stored on tapes. The backups detected as a result of the operation are placed in the 
specified pool. 


Within one operation, you can rescan tapes of one pool. Only online tapes can be selected for the 
operation. 


Run the rescanning: 


e If the database of a storage node or managed machine is lost or damaged. 

e If information about a tape in the database is out of date (for example, a tape contents were 
modified by another storage node or agent). 

e To obtain access to backups stored on tapes when working under bootable media. 

e If you have mistakenly removed the information about a tape from the database. When you 
rescan a removed tape, the backups stored on it reappear in the database and become available 
for data recovery. 

e If backups were deleted from a tape either manually or through retention rules but you want them 
to become accessible for data recovery. Before rescanning such a tape, eject it, remove the 
information about it from the database, and then insert the tape into the tape device again. 


To rescan tapes: 


1. Click Settings > Tape management. 

2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
devices under this machine. 
Select the tape device you loaded the tapes to. 

4. Perform the fast inventorying. 


Note 
During the inventorying, do not enable the Move unrecognized and imported tapes to the 
‘Free tapes’ pool switch. 


5. Select the Unrecognized tapes pool. This is the pool to which most of the tapes are sent as a 
result of the fast inventorying. Rescanning any other pool is also possible. 

[Optional] To rescan only individual tapes, select them. 

Click Rescan. 

Select the pool where the newly detected backups will be placed. 
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If necessary, select the Enable file recovery from disk backups stored on tapes check box. 
Details. If the check box is selected, the software will create special supplementary files on a hard 
disk of the machine where the tape device is attached. File recovery from disk backups is possible 
as long as these supplementary files are intact. Be sure to select the check box if the tapes contain 
application-aware backups. Otherwise, you will not be able to recover the application data from 
these backups. 

10. If the tapes contain password-protected backups, select the corresponding check box, and then 
specify the password for the backups. If you do not specify a password, or the password is 
incorrect, the backups will not be detected. Please keep this in mind in case you see no backups 
after the rescanning. 

Tip. If the tapes contain backups protected by various passwords, you need to repeat the 
rescanning several times specifying each password in turn. 


11. Click Start rescan to start the rescanning. 


Result. The selected tapes are moved to the selected pool. The backups stored on the tapes can be 
found in this pool. A backup spread over several tapes will not appear in the pool until all of these 
tapes are rescanned. 


Renaming 
When a new tape is detected by the software, it is automatically assigned a name in the following 


format: Tape XXX, where XXX is a unique number. Tapes are numbered sequentially. The renaming 
operation allows you to manually change the name of a tape. 


To rename tapes: 


1. Click Settings > Tape management. 

2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 

Click the pool that contains the necessary tape, and then select the required tape. 

Click Rename. 

Type the new name of the selected tape. 
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Click Rename to save the changes. 


Erasing 


Erasing a tape physically deletes all backups stored on the tape and removes the information about 
these backups from the database. However the information about the tape itself remains in the 
database. 


After erasing, a tape located in the Unrecognized tapes or Imported tapes pool is moved to the 
Free tapes pool. Atape located in any other pool is not moved. 


To erase tapes: 


1. Click Settings > Tape management. 
2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 


3. Click the pool that contains the necessary tapes, and then select the required tapes. 
4. Click Erase. The system prompts to confirm the operation. 
5. Select the erasing method: fast or full. 
6. Click Erase to start the operation. 
Details. You cannot cancel the erasing operation. 
Ejecting 


For successful ejecting of a tape from a tape library, the tape library must have the mail slot and the 
slot must not be locked by a user or by other software. 


To eject tapes: 


1. Click Settings > Tape management. 

2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 
Click the pool that contains the necessary tapes, and then select the required tapes. 

4. Click Eject. The software will prompt you to provide the tape description. We recommend that 
you describe the physical location where the tapes will be kept. During recovery, the software will 
display this description so you could easily find the tapes. 


5. Click Eject to start the operation. 
After a tape is ejected either manually or automatically, it is recommended to write its name on the 


tape. 


Removing 


The removal operation deletes the information about the backups stored on the selected tape and 
about the tape itself from the database. 


You can only remove an offline (ejected) tape. 


To remove a tape: 


1. Click Settings > Tape management. 

2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 
Click the pool that contains the necessary tape, and then select the required tape. 

4. Click Remove. The system prompts to confirm the operation. 


Click Remove to remove the tape. 
What to do if | removed a tape by mistake? 


Unlike an erased tape, the data from a removed tape is not physically deleted. Hence, you can make 
backups stored on such tape available again. To do so: 


1. Load the tape into your tape device. 


2. Perform the fast inventorying to detect the tape. 


Note 
During the inventorying, do not enable the Move unrecognized and imported tapes to the 
"Free tapes' pool switch. 


3. Perform the rescanning to match the data stored on tapes with the database. 


Specifying a tape set 
The operation allows you to specify a tape set for tapes. 
A tape set is a group of tapes within one pool. 


Unlike specifying tape sets in the backup options, where you can use variables, here you can specify 
only a string value. 


Perform this operation if you want the software to back up to specific tapes according to a certain 
rule (for example, if you want to store Monday's backups on Tape 1, Tuesday's backups on Tape 2, 
etc). Specify a certain tape set for each of the required tapes, and then specify the same tape set or 
use proper variables in the backup options. 


For the above example, specify tape set Monday for Tape 1, Tuesday for Tape 2, etc. In the backup 
options, specify [Weekday]. In this case, a proper tape will be used on the respective day of the week. 


To specify a tape set for one or several tapes: 


1. Click Settings > Tape management. 


2. Select the machine or the storage node to which your tape device is attached, and then click Tape 
pools under this machine. 


Click the pool that contains the necessary tapes, and then select the required tapes. 

4. Click Tape set. 

5. Type the tape set name. If another tape set is already specified for the selected tapes, it will be 
replaced. If you want to exclude the tapes from the tape set without specifying another one, 


delete the existing tape set name. 


Click Save to save the changes. 


22.2 Storage nodes 


A storage node is a server designed to optimize the usage of various resources (such as the corporate 
storage capacity, the network bandwidth, and the production servers' CPU load) that are required to 
protect enterprise data. This goal is achieved by organizing and managing the locations that serve as 
dedicated storages of the enterprise backups (managed locations). 


22.2.1 Installing a storage node and a catalog service 
Before installing a storage node, ensure that the machine meets the system requirements. 


We recommend that you install a storage node and a catalog service on separate machines. The 
system requirements to a machine running a catalog service are described in "Cataloging best 
practices". 


To install a storage node and/or a catalog service 


1. Logonasan administrator and start the Acronis Cyber Backup setup program. 

2. [Optional] To change the language the setup program is displayed in, click Setup language. 

3. Accept the terms of the license agreement and select whether the machine will participate in the 
Acronis Customer Experience Program (ACEP). 


Click Install a backup agent. 
Click Customize installation settings. 
Next to What to install, click Change. 
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Select the components to install: 
e To install a storage node, select the Storage Node check box. The Agent for Windows check 
box is automatically selected. 
e Toinstall a catalog service, select the Catalog Service check box. 
e If you do not want to install other components on this machine, clear the corresponding check 
boxes. 
Click Done to continue. 
8. Specify the management server where the components will be registered: 
a. Next to Acronis Cyber Backup Management Server, click Specify. 
b. Specify the host name or IP address of the machine where the management server is installed. 
c. Specify the credentials of a management server administrator or a registration token. 
For more information on how to generate a registration token, refer to "Deploying agents 
through Group Policy". 
If you are not amanagement server administrator, you still can register the machine, by 
selecting the Connect without authentication option. This works on the condition that the 


10. 
11. 
12. 


management server allows anonymous registration, which may be disabled. 
Click Done. 


If prompted, select whether the machine with the storage node and/or the catalog service will be 
added to the organization or to one of the units. 

This prompt appears if you administer more than one unit, or an organization with at least one 
unit. Otherwise, the machine will be silently added to the unit you administer or to the 
organization. For more information, refer to "Administrators and units". 

[Optional] Change other installation settings as described in "Customizing installation settings". 
Click Install to proceed with the installation. 


After the installation completes, click Close. 


22.2.2 Adding a managed location 


A managed location can be organized: 


In a local folder: 

o On a hard drive local to the storage node 

o Ona SAN storage that appears to the operating system as a locally attached device 

In a network folder: 

o OnanSMB/CIFS share 

o Ona SAN storage that appears to the operating system as a network folder 

o Ona NAS 

On a tape device that is locally attached to the storage node. 

Tape-based locations are created in the form of tape pools. One tape pool is present by default. If 
necessary, you can create other tape pools, as described later in this section. 


To create a managed location in a local or network folder 


1. 


Do one of the following: 

e Click Backups > Add location, and then click Storage node. 

e When creating a backup plan, click Where to back up > Add location, and then click Storage 
node. 

e Click Settings > Storage nodes, select the storage node that will manage the location, and 
then click Add location. 

In Name, specify a unique name for the location. "Unique" means that there must not be another 

location with the same name, managed by the same storage node. 

[Optional] Select the storage node that will manage the location. If you selected the last option in 

step 1, you will not be able to change the storage node. 

Select the storage node name or IP address that the agents will use to access the location. 

By default, the storage node name is chosen. You may need to change this setting if the DNS 

server is unable to resolve the name to the IP address, which results in an access failure. To change 

this setting at a later time, click Backups > the location > Edit, and then change the Address field 

value. 


10. 


11. 


Enter the folder path or browse to the desired folder. 

Click Done. The software checks the access to the specified folder. 

[Optional] Enable backup deduplication in the location. 

Deduplication minimizes backup traffic and reduces the size of backups stored in the location by 
eliminating duplicate disk blocks. 

For more information about deduplication restrictions, refer to "Deduplication restrictions". 
[Only if deduplication is enabled] Specify or change the Deduplication database path field 
value. 

This must be a folder on a hard drive local to the storage node. To improve the system 
performance, we recommend that you create the deduplication database and the managed 
location on different disks. 

For more information about deduplication database, refer to "Deduplication best practices". 
[Optional] Select whether to protect the location with encryption. Anything written to the location 
will be encrypted and anything read from it will be decrypted transparently by the storage node, 
by using a location-specific encryption key stored on the storage node. 

For more information about encryption, refer to "Location encryption”. 

[Optional] Select whether to catalog the backups stored in the location. The data catalog lets you 
easily find the required version of data and select it for recovery. 

If several cataloging services are registered on the management server, you can select the service 
that will catalog the backups stored in the location. 

Cataloging can be enabled or disabled at a later time, as described in "How to enable or disable 
cataloging”. 


Click Done to create the location. 


To create a managed location on a tape device 
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Click Backups > Add location or, when creating a backup plan, click Where to back up > Add 
location. 


2. Click Tapes. 
[Optional] Select the storage node that will manage the location. 
4. Follow the steps described in "Creating a pool", starting from step 4. 
Note 


By default, agents use the storage node name to access a managed tape-based location. To make the 
agents use the storage node IP address, click Backups > the location > Edit, and then change the 
Address field value. 


22.2.3 Deduplication 


Deduplication restrictions 


Common restrictions 


Encrypted backups cannot be deduplicated. If you want to use deduplication and encryption at the 
same time, leave the backups unencrypted and direct them to a location where both deduplication 
and encryption are enabled. 


Disk-level backup 
Deduplication of disk blocks is not performed if the volume's allocation unit size—also known as 


cluster size or block size—is not divisible by 4 KB. 


Note 

The allocation unit size on most NTFS and ext3 volumes is 4 KB. This allows for block-level 
deduplication. Other examples of allocation unit sizes allowing for block-level deduplication include 
8 KB, 16 KB, and 64 KB. 


File-level backup 
Deduplication of a file is not performed if the file is encrypted. 
Deduplication and NTFS data streams 


Inthe NTFS file system, a file may have one or more additional sets of data associated with it—often 
called alternate data streams. 


When such file is backed up, so are all its alternate data streams. However, these streams are never 
deduplicated—even when the file itself is. 


Deduplication best practices 
Deduplication is a complex process that depends on many factors. 
The most important factors that influence deduplication speed are: 


e The speed of access to the deduplication database 
e The RAM capacity of the storage node 


e The number of deduplicating locations created on the storage node. 


To increase deduplication performance, follow the recommendations below. 


Place the deduplication database and deduplicating location on separate physical 
devices 
The deduplication database stores the hash values of all items stored in the location—except for 


those that cannot be deduplicated, such as encrypted files. 


To increase the speed of access to a deduplication database, the database and the location must be 
placed on separate physical devices. 


It is best to allocate dedicated devices for the location and the database. If this is not possible, at least 
do not place a location or database on the same disk with the operating system. The reason is that 
the operating system performs a large number of hard disk read/write operations, which significantly 
slows down the deduplication. 


Selecting a disk for a deduplication database 


e The database must reside on a fixed drive. Please do not try to place the deduplication database 
on external detachable drives. 

e To minimize access time to the database, store it on a directly attached drive rather than ona 
mounted network volume. The network latency may significantly reduce deduplication 
performance. 

e The disk space required for a deduplication database can be estimated by using the following 
formula: 


S=U*90/65536 + 10 
Here, 
S is disk size, in GB 
U is the planned amount of unique data in the deduplication data store, in GB 


For example, if the planned amount of unique data in the deduplication data store is U=5 TB, 
the deduplication database will require a minimum of free space, as shown below: 


S = 5000 * 90/ 65536 +10 = 17 GB 
Selecting a disk for a deduplicating location 


For the purpose of data loss prevention, we recommend using RAID 10, 5, or 6. RAID 0 is not 
recommended since it not fault tolerant. RAID 1 is not recommended because of relatively low speed. 
There is no preference to local disks or SAN, both are good. 


40 to 160 MB of RAM per 1 TB of unique data 


When the limit is reached, deduplication will stop but backup and recovery will continue to work. If 
you add more RAM to the storage node, after the next backup, the deduplication will resume. In 
general, the more RAM you have, the larger volumes of unique data you can store. 


Only one deduplicating location on each storage node 


It is highly recommended that you create only one deduplicating location on a storage node. 
Otherwise, the whole available RAM volume may be distributed in proportion to the number of the 
locations. 


Absence of applications competing for resources 


The machine with the storage node should not run applications that require much system resources; 
for example, Database Management Systems (DBMS) or Enterprise Resource Planning (ERP) systems. 


Multi-core processor with at least 2.5 GHz clock rate 


We recommend that you use a processor with the number of cores not less than four and the clock 
rate not less than 2.5 GHz. 


Sufficient free space in the location 


Deduplication at target requires as much free space as the backed-up data occupies immediately 
after saving it to the location. Without a compression or deduplication at source, this value is equal to 
the size of the original data backed up during the given backup operation. 


High-speed LAN 


1-Gbit LAN is recommended. It will allow the software to perform 5-6 backups with deduplication in 
parallel, and the speed will not reduce considerably. 


Back up a typical machine before backing up several machines with similar contents 


When backing up several machines with similar contents, it is recommended that you back up one 
machine first and wait until the end of the backed-up data indexing. After that, the other machines 
will be backed up faster owing to the efficient deduplication. Because the first machine's backup has 
been indexed, most of the data is already in the deduplication data store. 


Back up different machines at different times 


If you back up a large number of machines, spread out the backup operations over time. To do this, 
create several backup plans with various schedules. 


22.2.4 Location encryption 


If you protect a location with encryption, anything written to the location will be encrypted and 
anything read from it will be decrypted transparently by the storage node, by using a location-specific 
encryption key stored on the node. If the storage medium is stolen or accessed by an unauthorized 
person, the malefactor will not be able to decrypt the location contents without access to the storage 
node. 


This encryption has nothing to do with the backup encryption specified by the backup plan and 
performed by an agent. If the backup is already encrypted, the storage node-side encryption is 
applied over the encryption performed by the agent. 


To protect the location with encryption 


1. Specify and confirm a word (password) to be used for generating the encryption key. 
The word is case-sensitive. You will be asked for this word only when attaching the location to 
another storage node. 
2. Select one of the following encryption algorithms: 
e AES 128 - the location contents will be encrypted by using the Advanced Encryption Standard 
(AES) algorithm with a 128-bit key. 
e AES 192 - the location contents will be encrypted by using the AES algorithm with a 192-bit 
key. 
e AES 256 - the location contents will be encrypted by using the AES algorithm with a 256-bit 
key. 
3. Click OK. 


The AES cryptographic algorithm operates in the Cipher-block chaining (CBC) mode and uses a 
randomly generated key with a user-defined size of 128, 192 or 256 bits. The larger the key size, the 
longer it will take for the program to encrypt the backups stored in the location and the more secure 
the backups will be. 


The encryption key is then encrypted with AES-256 using a SHA-256 hash of the selected word as a 
key. The word itself is not stored anywhere on the disk; the word hash is used for verification 
purposes. With this two-level security, the backups are protected from any unauthorized access, but 
recovering a lost word is not possible. 


22.2.5 Cataloging 


Data catalog 


The data catalog lets you easily find the required version of data and select it for recovery. The data 
catalog displays the data stored in the managed locations for which cataloging is or was enabled. 


The Catalog section appears under the Backups tab only if at least one catalog service is registered 
on the management server. For information about installing the catalog service, refer to "Installing a 
storage node and a catalog service". 


The Catalog section is visible only to organization administrators. 


Limitations 


Cataloging is supported only for disk- and file-level backups of physical machines, and backups of 
virtual machines. 


The following data cannot be displayed in the catalog: 


e Data from the encrypted backups 

e Data backed up to tape devices 

e Data backed up to the cloud storage 

e Data backed up by product versions earlier than Acronis Cyber Backup 12.5 


Selecting the backed-up data for recovery 


1. Click Backups > Catalog. 
2. If several cataloging services are registered on the management server, select the service that 
catalogs the backups stored in the location. 


Note 
To see which service catalogs a location, select the location in Backups > Locations > Locations, 


and then click Details. 


3. The software shows the machines that were backed up to the managed locations cataloged by the 
selected catalog service. 
Select the data to recover by browsing or by using search. 
-« Browsing 
Double-click a machine to view the backed-up disks, volumes, folders, and files. 


To recover a disk, select the disk marked with the following icon: ==! 
To recover a volume, double click the disk that contains the volume, and then select the 
volume. 


To recover files and folders, browse the volume where they are located. You can browse 
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volumes that are marked with the folder icon: = 
e Search 
In the search field, type the information that helps to identify the required data items (this can 
be a machine name, a file or folder name, or a disk label) and then click Search. 
You can use the asterisks (*) and question marks (?) as wildcards. 
As aresult of the search, you will see the list of backed-up data items whose names fully or 
partially match the entered value. 
4. By default, the data will be reverted to the latest possible point in time. If a single item is selected, 
you can use the Versions button to select a recovery point. 
5. Having selected the required data, do one of the following: 
e Click Recover, and then configure the parameters of the recovery operation as described in 
"Recovery". 
e [Only for files/folders] If you want to save the files as a .zip file, click Download, select the 
location to save the data to, and click Save. 


Cataloging best practices 


To increase cataloging performance, follow the recommendations below. 


Installation 


We recommend that you install a catalog service and a storage node on separate machines. 
Otherwise, these components will compete for CPU and RAM resources. 


If several storage nodes are registered on the management server, one catalog service is sufficient 
unless the indexing or search performance degrades. For example, if you notice that cataloging is 
working 24/7 (meaning that there are no pauses between cataloging activities), install one more 
catalog service on a separate machine. Then, remove some of the managed locations and recreate 
them with the new catalog service. The backups stored in these locations will be kept intact. 


System requirements 


Parameter Minimum Recommended 
value value 


16 GB and more 
Hard disk 7200 rpm SSD 
HDD 
Network connection between the machine with the storage node and 100 Mbps 1 Gbps 
the machine with the catalog service 


How to enable or disable cataloging 


If cataloging is enabled for a managed location, the content of each backup directed to the location is 
added to the data catalog as soon as the backup is created. 


You can enable cataloging when adding a managed location or at a later time. Once cataloging is 
enabled, all backups that are stored in the location and were not previously cataloged will be 
cataloged after the next backup to the location. 


The cataloging process can be time-consuming, especially if a large number of machines is backed up 
to the same location. You can disable cataloging at any time. Cataloging of backups that were created 
prior to disabling will be completed. The newly created backups will not be cataloged. 


To configure cataloging for an existing location 


1. Click Backup storage > Locations. 

2. Click Locations, and then select the managed location for which you want to configure 
cataloging. 
Click Edit. 

4. Enable or disable the Catalog service switch. 
Click Done. 


23 System settings 


These settings are only available in on-premises deployments. 
To access these settings, click Settings > System settings. 


The System settings section is visible only to organization administrators. 


23.1 Email notifications 


You can configure the global settings that are common for all email notifications sent from the 
management server. 


In default backup options, you can override these settings exclusively for the events that occur 
during backup. In this case, the global settings will be effective for operations other than backup. 


When creating a backup plan, you can choose which settings will be used: the global settings or the 
settings specified in the default backup options. You can also override them with custom values that 
will be specific for the plan only. 


Important 
When the global email notification settings are changed, all backup plans that use the global settings 
are affected. 


Before configuring these settings, ensure that the Email server settings are configured. 
To configure global email notification settings 


1. Click Settings > System settings > Email notifications. 
2. Inthe Recipients’ email addresses field, type the destination email address. You can enter 
several addresses separated by semicolons. 
3. [Optional] In Subject, change the email notification subject. 
You can use the following variables: 
e [Alert] -alert summary. 
e [Device] - device name. 
e [Plan] -the name of the plan that generated the alert. 
e [ManagementServer ] - the host name of the machine where the management server is 
installed. 
e [Unit] -the name of the unit to which the machine belongs. 
The default subject is [Alert] Device: [Device] Plan: [Plan] 
4. [Optional] Select the Daily recap about active alerts check box, and then do the following: 
a. Specify the time when the recap will be sent. 
b. [Optional] Select the Do not send the 'No active alerts' messages check box. 


5. [Optional] Select a language that will be used in the email notifications. 


6. Select the check boxes for the events that you want to receive notifications about. You can select 


from the list of all possible alerts, grouped by severity. 
7. Click Save. 


23.2 Email server 


You can specify an email server that will be used to send email notifications from the management 


server. 


To specify the email server 


1. 
2. 


Click Settings > System settings > Email server. 


In Email service, select one of the following: 


Custom 

Gmail 

The Less secure apps setting must be turned on in your Gmail account. For more 
information, refer to https://support. google.com/accounts/answer/6010255. 
Yahoo Mail 


Outlook.com 


[Only for a custom email service] Specify the following settings: 


In SMTP server, enter the name of the outgoing mail server (SMTP). 

In SMTP port, set the port of the outgoing mail server. By default, the port is set to 25. 

Select whether to use SSL or TLS encryption. Select None to disable encryption. 

If the SMTP server requires authentication, select the SMTP server requires authentication 
check box, and then specify the credentials of an account that will be used to send messages. If 
you are not sure whether the SMTP server requires authentication, contact your network 
administrator or your email service provider for assistance. 


[Only for Gmail, Yahoo Mail, and Outlook.com] Specify the credentials of an account that will be 
used to send messages. 


[Only for a custom email service] In Sender, type the name of the sender. This name will be shown 
in the From field of the email notifications. If you leave this field empty, the messages will contain 
the account specified in step 3 or 4. 


[Optional] Click Send test message to check whether the email notifications work correctly with 
the specified settings. Enter an email address to send the test message to. 


23.3 Security 


Use these options to enhance security of your Acronis Cyber Backup on-premises deployment. 


23.3.1 Log out inactive users after 


This option lets you specify a timeout for automatic logout due to user inactivity. When one minute is 
left in the set timeout, the software prompts the user to stay logged in. Otherwise, the user will be 


logged out and all unsaved changes will be lost. 


The preset is: Enabled. Timeout: 10 minutes. 


23.3.2 Show notification about the last login of the current user 


This option enables displaying the date and time of the user's last successful login, the number of 
authentication failures since the last successful login, and the IP address of the last successful login. 
This information is shown at the bottom of the screen every time the user logs in. 


The preset is: Disabled. 


23.3.3 Warn about local or domain password expiration 


This option enables displaying when the password for user's access to Acronis Cyber Backup 
Management Server will expire. This is the local or domain password with which the user logs on to 
the machine where the management server is installed. The time before password expiration is 
shown at the bottom of the screen and in the account menu in the top-right corner. 


The preset is: Disabled. 


23.4 Updates 


This option defines whether Acronis Cyber Backup checks for a new version each time an 
organization administrator signs in to the backup console. 


The preset is: Enabled. 


If this option is disabled, the administrator can check for updates manually as described in "Checking 
for software updates", 


23.5 Default backup options 


The default values of backup options are common for all backup plans on the management server. 
An organization administrator can change a default option value against the pre-defined one. The 
new value will be used by default in all backup plans created after the change takes place. 


When creating a backup plan, a user can override a default value with a custom value that will be 
specific for this plan only. 


To change a default option value 


Sign in to the backup console as an organization administrator. 
Click Settings > System settings. 
Expand the Default backup options section. 


Select the option, and then make the necessary changes. 


Oo e wW NV > 


Click Save. 


23.6 Configuring anonymous registration 


During a local installation of an agent, the setup program suggests the option to register the machine 
on the management server anonymously; in other words, to connect without authentication. 
Anonymous registration also happens if incorrect credentials for the management server are 
specified in the Agent for VMware (Virtual Appliance) GUI. Anonymous registration lets a 
management server administrator delegate the agent installation to users. 


It is possible to disable anonymous registration on the management server so that the valid user 
name and password of a management server administrator are always required for a device 
registration. If a user opts for anonymous registration, the registration will fail. Registration of 
bootable media pre-configured with the Do not ask for user name and password option also will 
be rejected. During unattended installation, you will need to provide a registration token in the 
transform file (.mst) or as the msiexec command parameter. 


To disable anonymous registration on the management server 


1. Login to the machine where the management server is installed. 
2. Open the following configuration file in a text editor: 

e In Windows: %ProgramData%\Acronis\ApiGateway\api_gateway.json 

e In Linux: /var/lib/Acronis/ApiGateway/api_gateway.json 
3. Locate the following section: 

Taurens x 
"anonymous_role": { 
"enabled": true 


} 
H, 


If you updated the management server from build 11010 or earlier, this section is absent. Copy 
and paste it to the beginning of the file right after the opening brace {. 
4. Change true to false. 


Save the api_gateway.json file. 


Important 
Please be careful and do not accidentally delete any commas, brackets, and quotation marks in 


the configuration file. 


6. Restart Acronis Service Manager Service as described in "Changing the SSL certificate settings". 


24 Administering user accounts and 
organization units 


24.1 On-premises deployment 


An on-premises deployment includes a number of software components that are described in the 
"Components" section. The diagram below illustrates the component interaction and the ports 
required for this interaction. 
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24.1.1 Legend 


The arrow direction shows which component initiates the connection. Note that all ports are TCP 
unless otherwise specified. 


1. 11. 


Download installation components: 80 to Receive catalog metadata: 9200 
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dl.acronis.com 


2. 12. 


Sync subscription licenses: 443 to © 
© e Manage Acronis Storage Node: 7780 ZMQ 
account.acronis.com 


e Register Acronis Storage Node and manage 
tasks: TCP 9877 


3. 13. 


Manage environment: 9877 © Backup to managed location: 9876, 9852 © 


4. 14. 


Access via remote command line (acrocmd, e SMB: UDP 137, UDP 138 and TCP 139, TCP 445 
acropsh): 9851 e SFTP: 22 (default, can vary) 


5. 15. 


e Register agent: 9877 Create virtual machine backups: 443, 902 


e Manage agent: 7780 ZMQ © 
e Sync licenses: 9877 


6. 16. 
Remote installation: NFS: TCP, UDP 111 and 2049 


e Update 1 and earlier: 445, 25001, 9876 
e Update 2 and later: 445, 25001, 43234 


7. 17. 


Access via remote command line (acrocmd, Send reports and emails: SMTP (25, 465, 587, etc) 
acropsh): 9850 


8. 18. 


Create backups to Acronis cloud storage: 443, Deploy appliance: 443, 902 
8443, 44445, 5060 


9. 19. 
e SMB: UDP 137, UDP 138 and TCP 139, TCP 445 


Browse and search backups: 9877 
e SFTP: 22 (default, may vary) 


10. 


Index backups: 9876 


— Backup data © CurveZMQ 256-bit key 


— Management data © HTTPS/TLS 


sasecnsss -> Optional functionality 


24.1.2 Administrators and units 


The Administrators panel shows the Organization group with the tree of units (if any) and the list 
of administrators of the unit that is selected in the tree. 
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Administrators 


Who are the management server administrators? 
Any account that is able to sign in to the backup console is a management server administrator. 


Organization administrators are the top-level administrators. Unit administrators are administrators 
of the child groups (units). 


In the backup console, each administrator has a view scoped to their area of control. An 
administrator can view and manage anything on or below their level in the hierarchy. 


Who are the default administrators? 


In Windows 
When the management server is being installed on a machine, the following happens: 


e The Acronis Centralized Admins user group is created on the machine. 

On a domain controller, the group is named DCNAME $ Acronis Centralized Admins; here, 
DCNAME stands for the NetBIOS name of the domain controller. 

e All members of the Administrators group are added to the Acronis Centralized Admins group. 
If the machine is in a domain but is not a domain controller, local (non-domain) users are then 
excluded. On a domain controller, there are no non-domain users. 

e The Acronis Centralized Admins and the Administrators groups are added to the 
management server as organization administrators. If the machine is in a domain but is not a 
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domain controller, the Administrators group is not added, so that local (non-domain) users do 
not become organization administrators. 


You can delete the Administrators group from the list of the organization administrators. However, 
the Acronis Centralized Admins group cannot be deleted. In the unlikely case that all organization 
administrators have been deleted, you can add an account to the Acronis Centralized Admins 
group in Windows, and then log in to the backup console by using this account. 


In Linux 


When the management server is being installed on a machine, the root user is added to the 
management server as an organization administrator. 


You can add other Linux users to the list of management server administrators as described later, and 
then delete the root user from this list. In the unlikely case that all organization administrators have 
been deleted, you can restart the acronis_asm service. As a result, the root user will be automatically 
re-added as an organization administrator. 


Who can be an administrator? 


If the management server is installed on a Windows machine that is included in an Active Directory 
domain, any local or domain user or user group can be added to the management server 
administrators. Otherwise, only local users and groups can be added. 


For information about how to add an administrator to the management server, refer to "Adding 
administrators". 


Units and unit administrators 


The Organization group is automatically created when you install the management server. With the 
Acronis Cyber Backup Advanced license, you can create child groups called units, which typically 
correspond to units or departments of the organization, and add administrators to the units. 


This way, you can delegate backup management to other people whose access permissions will be 
strictly limited to the corresponding units. 


For information about how to create a unit, refer to "Creating units". 


What if an account is added to multiple units? 


An account can be added as a unit administrator to any number of units. For such an account, as 
well as for organization administrators, the unit selector is shown in the backup console. By using this 
selector, the administrator can view and manage each unit separately. 
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An account that has permissions for all units does not have permissions for the organization. 
Organization administrators must be added to the Organization group explicitly. 


How to populate units with machines 


When an administrator adds a machine via the web interface, the machine is added to the unit 
managed by the administrator. If the administrator manages multiple units, the machine is added to 
the unit chosen in the unit selector. Therefore, the administrator must choose the unit prior to 
clicking Add. 


When installing agents locally, an administrator provides their credentials. The machine is added to 
the unit managed by the administrator. If the administrator manages multiple units, the installer 
prompts to choose a unit to which the machine will be added. 


24.1.3 Adding administrators 
To add administrators 


1. Click Settings > Administrators. 
The software displays the list of the management server administrators and the tree of units (if 
any). 
2. Select Organization or select the unit where you want to add an administrator. 
Click Add administrator. 
4. In Domain, select the domain that contains the user accounts that you want to add. If the 
management server is not included in an Active Directory domain or is installed in Linux, only local 
users can be added. 
Search for the user name or the user group name. 
Click "+" next to the name of the user or group. 
Repeat steps 4-6 for all users or groups that you want to add. 
When finished, click Done. 


Cox NE ON o 
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9, [Only in Linux] Add the user names to the Acronis Linux Pluggable Authentication Module (PAM) 
as described below. 


To add user names to the Acronis Linux PAM 


1. On the machine running the management server, as the root user, open the file 
/etc/security/acronisagent.conf with atext editor. 


2. In this file, type the user names that you added as the management server administrators, one 
per line. 


3. Save and close the file. 


24.1.4 Creating units 


1. Click Settings > Administrators. 

2. The software displays the list of the management server administrators and the tree of units (if 
any). 
Select Organization or select the parent unit for the new unit. 

4. Click Create unit. 


Specify a name for the new unit, and then click Create. 


24.2 Cloud deployment 


Administering user accounts and organization units is available in the management portal. To access 


the management portal, click Management Portal when logging in to the backup service or click the 


OO 
OO icon in the top-right corner, and then click Management portal. Only users that have 


administrative privileges can access this portal. 


For information about administering user accounts and organization units, refer to the Management 
Portal Administrator's Guide. To access this document, click the question mark icon in the 
management portal. 


This section provides additional information related to managing the backup service. 


24.2.1 Quotas 


Quotas enable you to limit the users’ ability to use the service. To set the quotas, select the user on 
the Users tab, and then click the pencil icon in the Quotas section. 


When a quota is exceeded, a notification is sent to the user's email address. If you do not set a quota 
overage, the quota is considered "soft". This means that restrictions on using the backup service are 
not applied. 


You can also specify the quota overages. An overage allows the user to exceed the quota by the 
specified value. When the overage is exceeded, restrictions on using the backup service are applied. 


Backup 


You can specify the cloud storage quota, the quota for local backup, and the maximum number of 
machines/devices/mailboxes a user is allowed to protect. The following quotas are available: 


e Cloud storage 

« Workstations 

e Servers 

e Windows Server Essentials 

e Virtual hosts 

e Universal 
This quota can be used instead of any of the four quotas listed above: Workstations, Servers, 
Windows Server Essentials, Virtual hosts. 

e Mobile devices 

e Office 365 mailboxes 

e Local backup 


A machine/device/mailbox is considered protected as long as at least one backup plan is applied to it. 
A mobile device becomes protected after the first backup. 


When the cloud storage quota overage is exceeded, backups fail. When the overage for a number of 
devices is exceeded, the user cannot apply a backup plan to more devices. 


The Local backup quota limits the total size of local backups that are created by using the cloud 
infrastructure. An overage cannot be set for this quota. 


Disaster recovery 


These quotas are applied by the service provider to the entire company. Company administrators can 
view the quotas and the usage in the management portal, but cannot set quotas for a user. 


e Disaster recovery storage 
This storage is used by primary and recovery servers. If the overage for this quota is reached, it is 
not possible to create primary and recovery servers, or add/extend disks of the existing primary 
servers. If the overage for this quota is exceeded, it is not possible to initiate a failover or just start 
a stopped server. The running servers continue to run. 
When the quota is disabled, all of the servers are deleted. The Cloud recovery site tab disappears 
from the backup console. 

e Compute points 
This quota limits the CPU and RAM resources that are consumed by primary and recovery servers 
during a billing period. If the overage for this quota is reached, all primary and recovery servers are 
shut down. It is not possible to use these servers until the beginning of the next billing period. The 
default billing period is a full calendar month. 
When the quota is disabled, the servers cannot be used regardless of the billing period. 


Public IP addresses 

This quota limits the number of public IP addresses that can be assigned to primary and recovery 
servers. If the overage for this quota is reached, it is not possible to enable public IP addresses for 
more servers. You can disallow a server to use a public IP address, by clearing the Public IP 
address check box in the server settings. After that, you can allow another server to use a public IP 
address, which usually will not be the same one. 

When the quota is disabled, all of the servers stop using public IP addresses, and thus become not 
reachable from the Internet. 

Cloud servers 

This quota limits the total number of primary and recovery servers. If the overage for this quota 
reached, it is not possible to create primary or recovery servers. 

When the quota is disabled, the servers are visible in the backup console, but the only available 
operation is Delete. 

Internet access 

This quota enables or disables the Internet access from primary and recovery servers. 

When the quota is disabled, the primary and recovery servers are disconnected from the Internet 
immediately. The Internet access switch in the servers' properties becomes cleared and disabled. 


24.2.2 Notifications 


To change the notifications settings for a user, select the user on the Users tab, and then click the 


pencil icon in the Settings section. The following notifications settings are available: 


Quota overuse notifications (enabled by default) 

The notifications about exceeded quotas. 

Scheduled usage reports 

The usage reports described below that are sent on the first day of each month. 

Failure notifications, Warning notifications, and Success notifications (disabled by default) 
The notifications about the execution results of backup plans and the results of disaster recovery 
operations for each device. 

Daily recap about active alerts (enabled by default) 


The recap that informs about failed backups, missed backups, and other problems. The recap is 
sent at 10:00 (data center time). If there are no problems by this moment, the recap is not sent. 


All notifications are sent to the user's email address. 


24.2.3 Reports 


The report about using the backup service includes the following data about the organization or a 


unit: 


Size of backups by unit, by user, by device type. 
Number of protected devices by unit, by user, by device type. 
Price value by unit, by user, by device type. 


e The total size of backups. 
e The total amount of protected devices. 


e Total price value. 


25 Command-line reference 


Command-line reference is a separate document available at 
https://www.acronis.com/support/documentation/AcronisCyberBackup_12.5_Command_Line_ 
Reference. 
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26 Troubleshooting 


This section describes how to save an agent log to a .zip file. If a backup fails for an unclear reason, 
this file will help the technical support personnel to identify the problem. 


To collect logs 


1. Do one of the following: 
e Under Devices, select the machine that you want to collect the logs from, and then click 
Activities. 
e Under Settings > Agents, select the machine that you want to collect the logs from, and then 
click Details. 
2. Click Collect system information. 
3. If prompted by your web browser, specify where to save the file. 


Glossary 
B 


Backup set 


A group of backups to which an individual 
retention rule can be applied. For the Custom 
backup scheme, the backup sets correspond to 
the backup methods (Full, Differential, and 
Incremental). In all other cases, the backup sets 
are Monthly, Daily, Weekly, and Hourly. A 
monthly backup is the first backup created after 
a month starts. A weekly backup is the first 
backup created on the day of the week selected 
in the Weekly backup option (click the gear icon, 
then Backup options > Weekly backup). If a 
weekly backup is the first backup created after a 
month starts, this backup is considered 
monthly. In this case, a weekly backup will be 
created on the selected day of the next week. A 
daily backup is the first backup created after a 
day starts, unless this backup falls within the 
definition of a monthly or weekly backup. An 
hourly backup is the first backup created after 
an hour starts, unless this backup falls within 
the definition of a monthly, weekly, or daily 


backup. 


D 


Differential backup 


A differential backup stores changes to the data 
against the latest full backup. You need access 
to the corresponding full backup to recover the 
data from a differential backup. 


F 


Full backup 


A self- sufficient backup containing all data 
chosen for backup. You do not need access to 


any other backup to recover the data from a full 
backup. 


Incremental backup 


A backup that stores changes to the data 
against the latest backup. You need access to 
other backups to recover data from an 


incremental backup. 


M 


Managed location 


A backup location managed by a storage node. 
Physically, managed locations can reside on a 
network share, SAN, NAS, on a hard drive local 
to the storage node, or on a tape library locally 
attached to the storage node. The storage node 
performs cleanup and validation (if those are 
included in a backup plan) for each backup 
stored in the managed location. You can specify 
additional operations that the storage node will 
perform (deduplication, encryption). 


S 


Single-file backup format 


A new backup format, in which the initial full and 
subsequent incremental backups are saved to a 
single .tib file, instead of a chain of files. This 
format leverages the speed of the incremental 
backup method, while avoiding its main 
disadvantage- difficult deletion of outdated 
backups. The software marks the blocks used by 
outdated backups as "free" and writes new 
backups to these blocks. This results in 
extremely fast cleanup, with minimal resource 
consumption. The single-file backup format is 


not available when backing up to locations that 
do not support random- access reads and 
writes, for example, SFTP servers. 


Startup Recovery Manager (SRM) 


A modification of the bootable agent, residing 
on the system disk and configured to start at 
boot time when F11 is pressed. Startup 
Recovery Manager eliminates the need for 
rescue media or network connection to start 
the bootable rescue utility. Startup Recovery 
Manager is especially useful for mobile users. If a 
failure occurs, the user reboots the machine, 
hits F11 on prompt "Press F11 for Startup 
Recovery Manager..." and performs data 
recovery in the same way as with ordinary 
bootable media. Limitation: requires re- 
activation of loaders other than Windows 
loaders and GRUB. 
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